Chg: update image tag in helm values to v2.6.2

[WIFI-10842] Add: docker-compose support for iptocountry

.github/git-release-tool/git-release-tool.sh

@@ -104,14 +104,6 @@ modify_deploy_repo_values() {
     log_info "No changes in microservices and since the latest tag are found, new release is not required"
   else
     sed 's/^version: .*/version: '${NEW_RELEASE_TAG#v}'/' chart/Chart.yaml -i
-    if [[ "$GIT_PUSH_CONFIRMED" == "true" ]]; then
-      log_info "Updating helm dependencies:"
-      cd chart
-      helm dependency update
-      cd ..
-    else
-      log_info "Skipping helm charts update due to GIT_PUSH_CONFIRMED not being set to 'true'"
-    fi
   fi
   git diff
 }

.github/git-release-tool/repositories.yaml

@@ -18,3 +18,9 @@ repositories:
   - name: owprov
     url: https://github.com/Telecominfraproject/wlan-cloud-owprov.git
     docker_compose_name: OWPROV_TAG
+  - name: owanalytics
+    url: https://github.com/Telecominfraproject/wlan-cloud-analytics.git
+    docker_compose_name: OWANALYTICS_TAG
+  - name: owsub
+    url: https://github.com/Telecominfraproject/wlan-cloud-userportal.git
+    docker_compose_name: OWSUB_TAG

.github/workflows/ci.yml

@@ -0,0 +1,113 @@
+name: CI
+
+on:
+  push:
+    tags:
+      - 'v*'
+      - '!v*-RC*'
+  pull_request:
+    branches:
+      - main
+      - 'release/*'
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  envs:
+    name: Setup environment variables for further tests
+    if: startsWith(github.ref, 'refs/pull/') || startsWith(github.ref, 'refs/tags/v')
+    runs-on: ubuntu-latest
+    outputs:
+      pr_branch: ${{ steps.get_branch_names.outputs.pr_branch }}
+      deployment_upgrade_tag: ${{ steps.get_deployment_upgrade_tag.outputs.tag }}
+      deployment_tag: ${{ steps.get_deployment_tag.outputs.tag }}
+    steps:
+    - name: Get branch names and set as outputs
+      id: get_branch_names
+      if: startsWith(github.ref, 'refs/pull/')
+      run: |
+        echo ::set-output name=pr_branch::$(echo ${GITHUB_HEAD_REF})
+
+    - name: Get created deployment tag and set as output
+      id: get_deployment_upgrade_tag
+      if: startsWith(github.ref, 'refs/tags/v')
+      run: |
+        echo ::set-output name=tag::$(echo ${GITHUB_REF#refs/tags/})
+
+    - name: Get previous deployment tag
+      id: get_deployment_tag
+      if: startsWith(github.ref, 'refs/tags/v')
+      run: |
+        echo ::set-output name=tag::$(git tag | grep -v RC | tail -2 | head -1)
+
+  trigger-docker-compose-testing:
+    if: startsWith(github.ref, 'refs/pull/')
+    runs-on: ubuntu-latest
+    needs: envs
+    steps:
+    - name: Checkout actions repo
+      uses: actions/checkout@v2
+      with:
+        repository: Telecominfraproject/.github
+        path: github
+
+    - name: Trigger testing of OpenWifi Docker Compose deployment and wait for result
+      uses: ./github/composite-actions/trigger-workflow-and-wait
+      env:
+        PR_BRANCH: ${{ needs.envs.outputs.pr_branch }}
+      with:
+        owner: Telecominfraproject
+        repo: wlan-testing
+        workflow: ow_docker-compose.yml
+        token: ${{ secrets.WLAN_TESTING_PAT }}
+        ref: master
+        inputs: '{"deployment_version": "${{ env.PR_BRANCH }}", "microservice": "all"}'
+
+  trigger-k8s-testing:
+    if: startsWith(github.ref, 'refs/pull/')
+    runs-on: ubuntu-latest
+    needs: envs
+    steps:
+    - name: Checkout actions repo
+      uses: actions/checkout@v2
+      with:
+        repository: Telecominfraproject/.github
+        path: github
+
+    - name: Trigger testing of OpenWifi Docker Compose deployment and wait for result
+      uses: ./github/composite-actions/trigger-workflow-and-wait
+      env:
+        PR_BRANCH: ${{ needs.envs.outputs.pr_branch }}
+      with:
+        owner: Telecominfraproject
+        repo: wlan-testing
+        workflow: ow_k8s.yml
+        token: ${{ secrets.WLAN_TESTING_PAT }}
+        ref: master
+        inputs: '{"deployment_version": "${{ env.PR_BRANCH }}", "microservice": "all"}'
+
+  trigger-docker-compose-upgrade-testing:
+    if: startsWith(github.ref, 'refs/tags/v')
+    runs-on: ubuntu-latest
+    needs: envs
+    steps:
+    - name: Checkout actions repo
+      uses: actions/checkout@v2
+      with:
+        repository: Telecominfraproject/.github
+        path: github
+
+    - name: Trigger testing of OpenWifi Docker Compose deployment upgrade and wait for result
+      uses: ./github/composite-actions/trigger-workflow-and-wait
+      env:
+        DEPLOYMENT_TAG: ${{ needs.envs.outputs.deployment_tag }}
+        DEPLOYMENT_UPGRADE_TAG: ${{ needs.envs.outputs.deployment_upgrade_tag }}
+      with:
+        owner: Telecominfraproject
+        repo: wlan-testing
+        workflow: ow_docker-compose-upgrade-test.yml
+        token: ${{ secrets.WLAN_TESTING_PAT }}
+        ref: master
+        inputs: '{"deployment_version": "${{ env.DEPLOYMENT_TAG }}", "deployment_upgrade_version": "${{ env.DEPLOYMENT_UPGRADE_TAG }}"}'

.gitignore

@@ -3,3 +3,4 @@ chart/charts/*
 /docker-compose/certs/
 /docker-compose/*_data
 /docker-compose/owls/*_data
+chart/environment-values/wlan-cloud-ucentral-deploy/

chart/Chart.yaml

@@ -2,28 +2,31 @@ apiVersion: v2
 name: openwifi
 appVersion: "1.0"
 description: A Helm chart for Kubernetes
-version: 2.5.0
+version: 2.6.2
 dependencies:
 - name: owgw
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw@helm?ref=v2.5.0"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw@helm?ref=v2.6.2"
   version: 0.1.0
 - name: owsec
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralsec@helm?ref=v2.5.0"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralsec@helm?ref=v2.6.0"
   version: 0.1.0
 - name: owfms
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralfms@helm?ref=v2.5.0"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralfms@helm?ref=v2.6.0"
   version: 0.1.0
 - name: owprov
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owprov@helm?ref=v2.5.0"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owprov@helm?ref=v2.6.0"
+  version: 0.1.0
+- name: owanalytics
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-analytics@helm?ref=v2.6.0"
   version: 0.1.0
 - name: owgwui
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui@helm?ref=v2.5.0"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui@helm?ref=v2.6.0"
   version: 0.1.0
 - name: owprovui
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owprov-ui@helm?ref=v2.5.0"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owprov-ui@helm?ref=v2.6.0"
   version: 0.1.0
-- name: rttys
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-rtty@chart?ref=main"
+- name: owsub
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-userportal@helm?ref=v2.6.0"
   version: 0.1.0
 - name: kafka
   repository: https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/

chart/README.md

@@ -77,7 +77,12 @@ The following table lists the configurable parameters that overrides microservic
 | `owfms.configProperties."openwifi\.kafka\.brokerlist"` | string | Sets up Kafka broker list for OpenWIFI Firmware to the predictable Kubernetes service name (see `kafka.fullnameOverride` option description for details) | `'kafka:9092'` |
 | `owprov.configProperties."openwifi\.kafka\.enable"` | string | Configures OpenWIFI Provisioning to use Kafka for communication | `'true'` |
 | `owprov.configProperties."openwifi\.kafka\.brokerlist"` | string | Sets up Kafka broker list for OpenWIFI Provisioning to the predictable Kubernetes service name (see `kafka.fullnameOverride` option description for details) | `'kafka:9092'` |
+| `owanalytics.enabled` | boolean | Install OpenWIFI Analytics in the release | `false` |
+| `owanalytics.configProperties."openwifi\.kafka\.enable"` | string | Configures OpenWIFI Analytics to use Kafka for communication | `'true'` |
+| `owanalytics.configProperties."openwifi\.kafka\.brokerlist"` | string | Sets up Kafka broker list for OpenWIFI Analytics to the predictable Kubernetes service name (see `kafka.fullnameOverride` option description for details) | `'kafka:9092'` |
 | `rttys.enabled` | boolean | Enables [rttys](https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-rtty) deployment | `True` |
+| `rttys.internal` | boolean | Whether to use the built-in rttys server | `True` |
+| `rttys.enabled` | boolean | Enable or disable rttys | `True` |
 | `rttys.config.token` | string | Sets default rttys token |  |
 | `kafka.enabled` | boolean | Enables [kafka](https://github.com/bitnami/charts/blob/master/bitnami/kafka/) deployment | `True` |
 | `kafka.fullnameOverride` | string | Overrides Kafka Kubernetes service name so it could be predictable and set in microservices configs | `'kafka'` |
@@ -184,6 +189,12 @@ All services have 2 REST API endpoints - private and public one. Private endpoin
 
 You may see example values to enable this feature in [values.restapi-certmanager-certs.yaml](./feature-values/values.restapi-certmanager-certs.yaml).
 
+### Unsecure REST API endpoints
+
+If you want, you may use configuration property `openwifi.security.restapi.disable=true` in order to disable TLS requirements on REST API endpoints which basically only requires OWGW Websocket TLS certificate in order to deploy the whole environment. If you will pass certificates into the container they will be ignored.
+
+You may see example values to enable this feature in [values.restapi-disable-tls.yaml](./feature-values/values.restapi-disable-tls.yaml).
+
 ## Environment specific values
 
 This repository contains values files that may be used in the same manner as feature values above to deploy to specific runtime envionemnts (including different cloud deployments).

chart/docker/Dockerfile

@@ -40,6 +40,24 @@ RUN git clone https://github.com/Telecominfraproject/wlan-cloud-owprov.git owpro
   && cp owprov/test_scripts/curl/cli owprov_cli \
   && rm -rf owprov
 
+# OWAnalytics
+ARG OWANALYTICS_VERSION=main
+RUN git clone https://github.com/Telecominfraproject/wlan-cloud-analytics.git owanalytics \
+  && cd owanalytics \
+  && git checkout $OWANALYTICS_VERSION \
+  && cd /cli \
+  && cp owanalytics/test_scripts/curl/cli owanalytics_cli \
+  && rm -rf owanalytics
+
+# OWSub
+ARG OWSUB_VERSION=main
+RUN git clone https://github.com/Telecominfraproject/wlan-cloud-userportal.git owsub \
+  && cd owsub \
+  && git checkout $OWSUB_VERSION \
+  && cd /cli \
+  && cp owsub/test_scripts/curl/cli owsub_cli \
+  && rm -rf owsub
+
 COPY clustersysteminfo clustersysteminfo
 COPY change_credentials change_credentials
 

chart/docker/clustersysteminfo

@@ -38,6 +38,11 @@ do
   sleep 5
 done
 
+if [[ "$ONLY_CHANGE_CREDENTIALS" == "true" ]]; then
+  echo "Flag ONLY_CHANGE_CREDENTIALS was set to true, exiting without services checks";
+  exit 0
+fi
+
 if [[ "${CHANGE_CHECK_RETRIES}" -eq "0" ]]
 then
   echo "Run out of retries to change/check login credentials"
@@ -89,6 +94,24 @@ do
   let "exit_code_sum+=$(grep ErrorCode result.json | wc -l)"
   sleep 1
 
+  ./owanalytics_cli systeminfo
+  let "exit_code_sum+=$?"
+  if [[ ! -s result.json ]]
+  then
+    let "exit_code_sum+=1"
+  fi
+  let "exit_code_sum+=$(grep ErrorCode result.json | wc -l)"
+  sleep 1
+
+  ./owsub_cli systeminfo
+  let "exit_code_sum+=$?"
+  if [[ ! -s result.json ]]
+  then
+    let "exit_code_sum+=1"
+  fi
+  let "exit_code_sum+=$(grep ErrorCode result.json | wc -l)"
+  sleep 1
+
   let "CHECK_RETRIES-=1"
   echo "Exit code sum: $exit_code_sum"
   echo "Left retries: $CHECK_RETRIES"

chart/environment-values/deploy.sh

@@ -3,40 +3,45 @@ set -e
 
 # Usage function
 usage () {
-  echo;
-  echo "This script is indended for OpenWIFI Cloud SDK deployment to TIP QA/Dev environments using assembly Helm chart (https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main/chart) with configuration through environment variables";
-  echo;
-  echo "Required environment variables:"
-  echo;
-  echo "- NAMESPACE - namespace suffix that will used added for the Kubernetes environment (i.e. if you pass 'test', kubernetes namespace will be named 'ucentral-test')";
-  echo "- DEPLOY_METHOD - deployment method for the chart deployment (supported methods - 'git' (will use helm-git from assembly chart) and 'bundle' (will use chart stored in the Artifactory0";
-  echo "- CHART_VERSION - version of chart to be deployed from assembly chart (for 'git' method git ref may be passed, for 'bundle' method version of chart may be passed)";
-  echo;
-  echo "- VALUES_FILE_LOCATION - path to file with override values that may be used for deployment";
-  echo "- RTTY_TOKEN - token to be used for rttys and OpenWIFI Gateway for remote tty sessions";
-  echo "- OWGW_AUTH_USERNAME - username to be used for requests to OpenWIFI Security";
-  echo "- OWGW_AUTH_PASSWORD - hashed password for OpenWIFI Security (details on this may be found in https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/#authenticationdefaultpassword)";
-  echo "- OWFMS_S3_SECRET - secret key that is used for OpenWIFI Firmware access to firmwares S3 bucket";
-  echo "- OWFMS_S3_KEY - access key that is used for OpenWIFI Firmware access to firmwares S3 bucket";
-  echo "- OWSEC_NEW_PASSWORD - password that should be set to default user instead of default password from properties";
-  echo "- CERT_LOCATION - path to certificate in PEM format that will be used for securing all endpoint in all services";
-  echo "- KEY_LOCATION - path to private key in PEM format that will be used for securing all endpoint in all services";
-  echo;
-  echo "Following environmnet variables may be passed, but will be ignored if CHART_VERSION is set to release (i.e. v2.4.0):"
-  echo;
-  echo "- OWGW_VERSION - OpenWIFI Gateway version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)";
-  echo "- OWGWUI_VERSION - OpenWIFI Web UI version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)";
-  echo "- OWSEC_VERSION - OpenWIFI Security version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)";
-  echo "- OWFMS_VERSION - OpenWIFI Firmware version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)";
-  echo "- OWPROV_VERSION - OpenWIFI Provisioning version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)";
-  echo "- OWPROVUI_VERSION - OpenWIFI Provisioning Web UI version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)";
-  echo;
-  echo "Optional environment variables:"
-  echo;
-  echo "- EXTRA_VALUES - extra values that should be passed to Helm deployment separated by comma (,)"
-  echo "- DEVICE_CERT_LOCATION - path to certificate in PEM format that will be used for load simulator";
-  echo "- DEVICE_KEY_LOCATION - path to private key in PEM format that will be used for load simulator";
-  echo "- USE_SEPARATE_OWGW_LB - flag that should change split external DNS for OWGW and other services"
+  echo >&2;
+  echo "This script is indended for OpenWIFI Cloud SDK deployment to TIP QA/Dev environments using assembly Helm chart (https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main/chart) with configuration through environment variables" >&2;
+  echo >&2;
+  echo "Required environment variables:" >&2;
+  echo >&2;
+  echo "- NAMESPACE - namespace suffix that will used added for the Kubernetes environment (i.e. if you pass 'test', kubernetes namespace will be named 'ucentral-test')" >&2;
+  echo "- DEPLOY_METHOD - deployment method for the chart deployment (supported methods - 'git' (will use helm-git from assembly chart) and 'bundle' (will use chart stored in the Artifactory0" >&2;
+  echo "- CHART_VERSION - version of chart to be deployed from assembly chart (for 'git' method git ref may be passed, for 'bundle' method version of chart may be passed)" >&2;
+  echo >&2;
+  echo "- VALUES_FILE_LOCATION - path to file with override values that may be used for deployment" >&2;
+  echo "- OWGW_AUTH_USERNAME - username to be used for requests to OpenWIFI Security" >&2;
+  echo "- OWGW_AUTH_PASSWORD - hashed password for OpenWIFI Security (details on this may be found in https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/#authenticationdefaultpassword)" >&2;
+  echo "- OWFMS_S3_SECRET - secret key that is used for OpenWIFI Firmware access to firmwares S3 bucket" >&2;
+  echo "- OWFMS_S3_KEY - access key that is used for OpenWIFI Firmware access to firmwares S3 bucket" >&2;
+  echo "- OWSEC_NEW_PASSWORD - password that should be set to default user instead of default password from properties" >&2;
+  echo "- CERT_LOCATION - path to certificate in PEM format that will be used for securing all endpoint in all services" >&2;
+  echo "- KEY_LOCATION - path to private key in PEM format that will be used for securing all endpoint in all services" >&2;
+  echo >&2;
+  echo "Following environmnet variables may be passed, but will be ignored if CHART_VERSION is set to release (i.e. v2.4.0):" >&2;
+  echo >&2;
+  echo "- OWGW_VERSION - OpenWIFI Gateway version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
+  echo "- OWGWUI_VERSION - OpenWIFI Web UI version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
+  echo "- OWSEC_VERSION - OpenWIFI Security version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
+  echo "- OWFMS_VERSION - OpenWIFI Firmware version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
+  echo "- OWPROV_VERSION - OpenWIFI Provisioning version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
+  echo "- OWPROVUI_VERSION - OpenWIFI Provisioning Web UI version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
+  echo "- OWANALYTICS_VERSION - OpenWIFI Analytics version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
+  echo "- OWSUB_VERSION - OpenWIFI Subscription (Userportal) version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
+  echo >&2;
+  echo "Optional environment variables:" >&2;
+  echo >&2;
+  echo "- EXTRA_VALUES - extra values that should be passed to Helm deployment separated by comma (,)" >&2;
+  echo "- DEVICE_CERT_LOCATION - path to certificate in PEM format that will be used for load simulator" >&2;
+  echo "- DEVICE_KEY_LOCATION - path to private key in PEM format that will be used for load simulator" >&2;
+  echo "- USE_SEPARATE_OWGW_LB - flag that should change split external DNS for OWGW and other services" >&2;
+  echo "- INTERNAL_RESTAPI_ENDPOINT_SCHEMA - what schema to use for internal RESTAPI endpoints (https by default)" >&2;
+  echo "- IPTOCOUNTRY_IPINFO_TOKEN - token that should be set for IPInfo support (owgw/owprov iptocountry.ipinfo.token properties), ommited if not passed" >&2;
+  echo "- MAILER_USERNAME - SMTP username used for OWSEC mailer" >&2;
+  echo "- MAILER_PASSWORD - SMTP password used for OWSEC mailer (only if both MAILER_PASSWORD and MAILER_USERNAME are set, mailer will be enabled)" >&2;
 }
 
 # Global variables
@@ -55,34 +60,38 @@ check_if_chart_version_is_release() {
 
 # Check if required environment variables were passed
 ## Deployment specifics
-[ -z ${DEPLOY_METHOD+x} ] && echo "DEPLOY_METHOD is unset" && usage && exit 1
-[ -z ${CHART_VERSION+x} ] && echo "CHART_VERSION is unset" && usage && exit 1
+[ -z ${DEPLOY_METHOD+x} ] && echo "DEPLOY_METHOD is unset" >&2 && usage && exit 1
+[ -z ${CHART_VERSION+x} ] && echo "CHART_VERSION is unset" >&2 && usage && exit 1
 if check_if_chart_version_is_release; then
   echo "Chart version ($CHART_VERSION) is release version, ignoring services versions"
 else
   echo "Chart version ($CHART_VERSION) is not release version, checking if services versions are set"
-  [ -z ${OWGW_VERSION+x} ] && echo "OWGW_VERSION is unset" && usage && exit 1
-  [ -z ${OWGWUI_VERSION+x} ] && echo "OWGWUI_VERSION is unset" && usage && exit 1
-  [ -z ${OWSEC_VERSION+x} ] && echo "OWSEC_VERSION is unset" && usage && exit 1
-  [ -z ${OWFMS_VERSION+x} ] && echo "OWFMS_VERSION is unset" && usage && exit 1
-  [ -z ${OWPROV_VERSION+x} ] && echo "OWPROV_VERSION is unset" && usage && exit 1
-  [ -z ${OWPROVUI_VERSION+x} ] && echo "OWPROVUI_VERSION is unset" && usage && exit 1
+  [ -z ${OWGW_VERSION+x} ] && echo "OWGW_VERSION is unset" >&2 && usage && exit 1
+  [ -z ${OWGWUI_VERSION+x} ] && echo "OWGWUI_VERSION is unset" >&2 && usage && exit 1
+  [ -z ${OWSEC_VERSION+x} ] && echo "OWSEC_VERSION is unset" >&2 && usage && exit 1
+  [ -z ${OWFMS_VERSION+x} ] && echo "OWFMS_VERSION is unset" >&2 && usage && exit 1
+  [ -z ${OWPROV_VERSION+x} ] && echo "OWPROV_VERSION is unset" >&2 && usage && exit 1
+  [ -z ${OWPROVUI_VERSION+x} ] && echo "OWPROVUI_VERSION is unset" >&2 && usage && exit 1
+  [ -z ${OWANALYTICS_VERSION+x} ] && echo "OWANALYTICS_VERSION is unset" >&2 && usage && exit 1
+  [ -z ${OWSUB_VERSION+x} ] && echo "OWSUB_VERSION is unset" >&2 && usage && exit 1
 fi
 ## Environment specifics
-[ -z ${NAMESPACE+x} ] && echo "NAMESPACE is unset" && usage && exit 1
+[ -z ${NAMESPACE+x} ] && echo "NAMESPACE is unset" >&2 && usage && exit 1
 ## Variables specifics
-[ -z ${VALUES_FILE_LOCATION+x} ] && echo "VALUES_FILE_LOCATION is unset" && usage && exit 1
-[ -z ${RTTY_TOKEN+x} ] && echo "RTTY_TOKEN is unset" && usage && exit 1
-[ -z ${OWGW_AUTH_USERNAME+x} ] && echo "OWGW_AUTH_USERNAME is unset" && usage && exit 1
-[ -z ${OWGW_AUTH_PASSWORD+x} ] && echo "OWGW_AUTH_PASSWORD is unset" && usage && exit 1
-[ -z ${OWFMS_S3_SECRET+x} ] && echo "OWFMS_S3_SECRET is unset" && usage && exit 1
-[ -z ${OWFMS_S3_KEY+x} ] && echo "OWFMS_S3_KEY is unset" && usage && exit 1
-[ -z ${OWSEC_NEW_PASSWORD+x} ] && echo "OWSEC_NEW_PASSWORD is unset" && usage && exit 1
-[ -z ${CERT_LOCATION+x} ] && echo "CERT_LOCATION is unset" && usage && exit 1
-[ -z ${KEY_LOCATION+x} ] && echo "KEY_LOCATION is unset" && usage && exit 1
+[ -z ${VALUES_FILE_LOCATION+x} ] && echo "VALUES_FILE_LOCATION is unset" >&2 && usage && exit 1
+[ -z ${OWGW_AUTH_USERNAME+x} ] && echo "OWGW_AUTH_USERNAME is unset" >&2 && usage && exit 1
+[ -z ${OWGW_AUTH_PASSWORD+x} ] && echo "OWGW_AUTH_PASSWORD is unset" >&2 && usage && exit 1
+[ -z ${OWFMS_S3_SECRET+x} ] && echo "OWFMS_S3_SECRET is unset" >&2 && usage && exit 1
+[ -z ${OWFMS_S3_KEY+x} ] && echo "OWFMS_S3_KEY is unset" >&2 && usage && exit 1
+[ -z ${OWSEC_NEW_PASSWORD+x} ] && echo "OWSEC_NEW_PASSWORD is unset" >&2 && usage && exit 1
+[ -z ${CERT_LOCATION+x} ] && echo "CERT_LOCATION is unset" >&2 && usage && exit 1
+[ -z ${KEY_LOCATION+x} ] && echo "KEY_LOCATION is unset" >&2 && usage && exit 1
 
 [ -z ${DEVICE_CERT_LOCATION+x} ] && echo "DEVICE_CERT_LOCATION is unset, setting it to CERT_LOCATION" && export DEVICE_CERT_LOCATION=$CERT_LOCATION
 [ -z ${DEVICE_KEY_LOCATION+x} ] && echo "DEVICE_KEY_LOCATION is unset, setting it to KEY_LOCATION" && export DEVICE_KEY_LOCATION=$KEY_LOCATION
+[ -z ${INTERNAL_RESTAPI_ENDPOINT_SCHEMA+x} ] && echo "INTERNAL_RESTAPI_ENDPOINT_SCHEMA is unset, setting it to 'https'" && export INTERNAL_RESTAPI_ENDPOINT_SCHEMA=https
+export MAILER_ENABLED="false"
+[ ! -z ${MAILER_USERNAME+x} ] && [ ! -z ${MAILER_PASSWORD+x} ] && echo "MAILER_USERNAME and MAILER_PASSWORD are set, mailer will be enabled" && export MAILER_ENABLED="true"
 
 # Transform some environment variables
 export OWGW_VERSION_TAG=$(echo ${OWGW_VERSION} | tr '/' '-')
@@ -91,9 +100,11 @@ export OWSEC_VERSION_TAG=$(echo ${OWSEC_VERSION} | tr '/' '-')
 export OWFMS_VERSION_TAG=$(echo ${OWFMS_VERSION} | tr '/' '-')
 export OWPROV_VERSION_TAG=$(echo ${OWPROV_VERSION} | tr '/' '-')
 export OWPROVUI_VERSION_TAG=$(echo ${OWPROVUI_VERSION} | tr '/' '-')
+export OWANALYTICS_VERSION_TAG=$(echo ${OWANALYTICS_VERSION} | tr '/' '-')
+export OWSUB_VERSION_TAG=$(echo ${OWSUB_VERSION} | tr '/' '-')
 
 # Debug get bash version
-bash --version > /dev/stderr
+bash --version >&2
 
 # Check deployment method that's required for this environment
 helm plugin install https://github.com/databus23/helm-diff || true
@@ -111,6 +122,8 @@ if [[ "$DEPLOY_METHOD" == "git" ]]; then
     sed -i '/wlan-cloud-ucentralfms@/s/ref=.*/ref='${OWFMS_VERSION}'\"/g' Chart.yaml
     sed -i '/wlan-cloud-owprov@/s/ref=.*/ref='${OWPROV_VERSION}'\"/g' Chart.yaml
     sed -i '/wlan-cloud-owprov-ui@/s/ref=.*/ref='${OWPROVUI_VERSION}'\"/g' Chart.yaml
+    sed -i '/wlan-cloud-analytics@/s/ref=.*/ref='${OWANALYTICS_VERSION}'\"/g' Chart.yaml
+    sed -i '/wlan-cloud-userportal@/s/ref=.*/ref='${OWSUB_VERSION}'\"/g' Chart.yaml
   fi
   helm repo add bitnami https://charts.bitnami.com/bitnami
   helm repo update
@@ -122,7 +135,7 @@ else
     helm repo add tip-wlan-cloud-ucentral-helm https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/ || true
     export DEPLOY_SOURCE="tip-wlan-cloud-ucentral-helm/openwifi --version $CHART_VERSION"
   else
-    echo "Deploy method is not correct: $DEPLOY_METHOD. Valid value - git or bundle"
+    echo "Deploy method is not correct: $DEPLOY_METHOD. Valid value - git or bundle" >&2
     exit 1
   fi
 fi
@@ -139,10 +152,10 @@ for EXTRA_VALUE in ${EXTRA_VALUES_SPLITTED[*]}; do
 done
 
 if [[ "$USE_SEPARATE_OWGW_LB" == "true" ]]; then
-  export HAPROXY_SERVICE_DNS_RECORDS="sec-${NAMESPACE}.cicd.lab.wlan.tip.build\,fms-${NAMESPACE}.cicd.lab.wlan.tip.build\,prov-${NAMESPACE}.cicd.lab.wlan.tip.build\,rtty-${NAMESPACE}.cicd.lab.wlan.tip.build"
+  export HAPROXY_SERVICE_DNS_RECORDS="sec-${NAMESPACE}.cicd.lab.wlan.tip.build\,fms-${NAMESPACE}.cicd.lab.wlan.tip.build\,prov-${NAMESPACE}.cicd.lab.wlan.tip.build\,analytics-${NAMESPACE}.cicd.lab.wlan.tip.build\,sub-${NAMESPACE}.cicd.lab.wlan.tip.build"
   export OWGW_SERVICE_DNS_RECORDS="gw-${NAMESPACE}.cicd.lab.wlan.tip.build"
 else
-  export HAPROXY_SERVICE_DNS_RECORDS="gw-${NAMESPACE}.cicd.lab.wlan.tip.build\,sec-${NAMESPACE}.cicd.lab.wlan.tip.build\,fms-${NAMESPACE}.cicd.lab.wlan.tip.build\,prov-${NAMESPACE}.cicd.lab.wlan.tip.build\,rtty-${NAMESPACE}.cicd.lab.wlan.tip.build"
+  export HAPROXY_SERVICE_DNS_RECORDS="gw-${NAMESPACE}.cicd.lab.wlan.tip.build\,sec-${NAMESPACE}.cicd.lab.wlan.tip.build\,fms-${NAMESPACE}.cicd.lab.wlan.tip.build\,prov-${NAMESPACE}.cicd.lab.wlan.tip.build\,analytics-${NAMESPACE}.cicd.lab.wlan.tip.build\,sub-${NAMESPACE}.cicd.lab.wlan.tip.build"
   export OWGW_SERVICE_DNS_RECORDS=""
 fi
 
@@ -152,23 +165,27 @@ helm upgrade --install --create-namespace --wait --timeout 60m \
   ${VALUES_FILES_FLAGS[*]} \
   --set owgw.services.owgw.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=gw-${NAMESPACE}.cicd.lab.wlan.tip.build \
   --set owgw.configProperties."openwifi\.fileuploader\.host\.0\.name"=gw-${NAMESPACE}.cicd.lab.wlan.tip.build \
-  --set owgw.configProperties."rtty\.server"=rtty-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owgw.configProperties."rtty\.server"=gw-${NAMESPACE}.cicd.lab.wlan.tip.build \
   --set owgw.configProperties."openwifi\.system\.uri\.public"=https://gw-${NAMESPACE}.cicd.lab.wlan.tip.build:16002 \
-  --set owgw.configProperties."openwifi\.system\.uri\.private"=https://owgw-owgw:17002 \
+  --set owgw.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owgw-owgw:17002 \
   --set owgw.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
-  --set owgw.configProperties."rtty\.token"=${RTTY_TOKEN} \
+  --set owgw.configProperties."iptocountry\.ipinfo\.token"="${IPTOCOUNTRY_IPINFO_TOKEN}" \
   --set owgw.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
   --set owsec.configProperties."authentication\.default\.username"=${OWGW_AUTH_USERNAME} \
   --set owsec.configProperties."authentication\.default\.password"=${OWGW_AUTH_PASSWORD} \
   --set owsec.services.owsec.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=sec-${NAMESPACE}.cicd.lab.wlan.tip.build \
   --set owsec.configProperties."openwifi\.system\.uri\.public"=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
-  --set owsec.configProperties."openwifi\.system\.uri\.private"=https://owsec-owsec:17001 \
+  --set owsec.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owsec-owsec:17001 \
   --set owsec.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owsec.configProperties."mailer\.sender"=sec-${NAMESPACE}@cicd.lab.wlan.tip.build \
+  --set owsec.configProperties."mailer\.enabled"=$MAILER_ENABLED \
+  --set owsec.configProperties."mailer\.username"=$MAILER_USERNAME \
+  --set owsec.configProperties."mailer\.password"=$MAILER_PASSWORD \
   --set owfms.configProperties."s3\.secret"=${OWFMS_S3_SECRET} \
   --set owfms.configProperties."s3\.key"=${OWFMS_S3_KEY} \
   --set owfms.services.owfms.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=fms-${NAMESPACE}.cicd.lab.wlan.tip.build \
   --set owfms.configProperties."openwifi\.system\.uri\.public"=https://fms-${NAMESPACE}.cicd.lab.wlan.tip.build:16004 \
-  --set owfms.configProperties."openwifi\.system\.uri\.private"=https://owfms-owfms:17004 \
+  --set owfms.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owfms-owfms:17004 \
   --set owfms.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
   --set owfms.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
   --set owgwui.ingresses.default.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
@@ -176,19 +193,29 @@ helm upgrade --install --create-namespace --wait --timeout 60m \
   --set owgwui.public_env_variables.DEFAULT_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
   --set owprov.services.owprov.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=prov-${NAMESPACE}.cicd.lab.wlan.tip.build \
   --set owprov.configProperties."openwifi\.system\.uri\.public"=https://prov-${NAMESPACE}.cicd.lab.wlan.tip.build:16005 \
-  --set owprov.configProperties."openwifi\.system\.uri\.private"=https://owprov-owprov:17005 \
+  --set owprov.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owprov-owprov:17005 \
   --set owprov.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owprov.configProperties."iptocountry\.ipinfo\.token"="${IPTOCOUNTRY_IPINFO_TOKEN}" \
   --set owprov.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
   --set owprovui.ingresses.default.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=provui-${NAMESPACE}.cicd.lab.wlan.tip.build \
   --set owprovui.ingresses.default.hosts={provui-${NAMESPACE}.cicd.lab.wlan.tip.build} \
   --set owprovui.public_env_variables.DEFAULT_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
-  --set rttys.config.token=${RTTY_TOKEN} \
-  --set rttys.services.rttys.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=rtty-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owprovui.public_env_variables.REACT_APP_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owanalytics.services.owanalytics.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=analytics-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owanalytics.configProperties."openwifi\.system\.uri\.public"=https://analytics-${NAMESPACE}.cicd.lab.wlan.tip.build:16009 \
+  --set owanalytics.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owanalytics-owanalytics:17009 \
+  --set owanalytics.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owanalytics.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owsub.services.owsub.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=sub-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owsub.configProperties."openwifi\.system\.uri\.public"=https://sub-${NAMESPACE}.cicd.lab.wlan.tip.build:16006 \
+  --set owsub.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owsub-owsub:17006 \
+  --set owsub.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owsub.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
   --set clustersysteminfo.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
   --set clustersysteminfo.secret_env_variables.OWSEC_NEW_PASSWORD=${OWSEC_NEW_PASSWORD} \
   --set owls.services.owls.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=ls-${NAMESPACE}.cicd.lab.wlan.tip.build \
   --set owls.configProperties."openwifi\.system\.uri\.public"=https://ls-${NAMESPACE}.cicd.lab.wlan.tip.build:16007 \
-  --set owls.configProperties."openwifi\.system\.uri\.private"=https://owls-owls:17007 \
+  --set owls.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owls-owls:17007 \
   --set owls.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
   --set owlsui.ingresses.default.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=lsui-${NAMESPACE}.cicd.lab.wlan.tip.build \
   --set owlsui.ingresses.default.hosts={lsui-${NAMESPACE}.cicd.lab.wlan.tip.build} \
@@ -200,8 +227,6 @@ helm upgrade --install --create-namespace --wait --timeout 60m \
   --set-file owgw.certs."restapi-key\.pem"=$KEY_LOCATION \
   --set-file owgw.certs."websocket-cert\.pem"=$CERT_LOCATION \
   --set-file owgw.certs."websocket-key\.pem"=$KEY_LOCATION \
-  --set-file rttys.certs."restapi-cert\.pem"=$CERT_LOCATION \
-  --set-file rttys.certs."restapi-key\.pem"=$KEY_LOCATION \
   --set-file owsec.certs."restapi-cert\.pem"=$CERT_LOCATION \
   --set-file owsec.certs."restapi-key\.pem"=$KEY_LOCATION \
   --set-file owfms.certs."restapi-cert\.pem"=$CERT_LOCATION \
@@ -212,4 +237,8 @@ helm upgrade --install --create-namespace --wait --timeout 60m \
   --set-file owls.certs."restapi-key\.pem"=$KEY_LOCATION \
   --set-file owls.certs."device-cert\.pem"=$DEVICE_CERT_LOCATION \
   --set-file owls.certs."device-key\.pem"=$DEVICE_KEY_LOCATION \
+  --set-file owanalytics.certs."restapi-cert\.pem"=$CERT_LOCATION \
+  --set-file owanalytics.certs."restapi-key\.pem"=$KEY_LOCATION \
+  --set-file owsub.certs."restapi-cert\.pem"=$CERT_LOCATION \
+  --set-file owsub.certs."restapi-key\.pem"=$KEY_LOCATION \
   tip-openwifi $DEPLOY_SOURCE

chart/environment-values/values.aws.yaml

@@ -6,9 +6,12 @@ owgw:
     openwifi.system.uri.private: https://gw.cicd.lab.wlan.tip.build:17002
     openwifi.system.uri.ui: https://webui.cicd.lab.wlan.tip.build
     rtty.server: rtty.cicd.lab.wlan.tip.build
-    rtty.token: TOFILL # TODO change rttys token to the same used in rttys below
 
 owgwui:
+  services:
+    owgwui:
+      type: NodePort
+
   ingresses:
     default:
       enabled: true
@@ -44,17 +47,21 @@ owfms:
     #s3.bucketname: ucentral-ap-firmware
     #s3.region: us-east-1
     #s3.bucket.uri: ucentral-ap-firmware.s3.amazonaws.com
-    openwifi.system.uri.public: https://fms.cicd.lab.wlan.tip.build:16001
-    openwifi.system.uri.private: https://fms.cicd.lab.wlan.tip.build:17001
+    openwifi.system.uri.public: https://fms.cicd.lab.wlan.tip.build:16004
+    openwifi.system.uri.private: https://fms.cicd.lab.wlan.tip.build:17004
     openwifi.system.uri.ui: https://webui.cicd.lab.wlan.tip.build
 
 owprov:
   configProperties: # TODO change FQDNs
-    openwifi.system.uri.public: https://prov.cicd.lab.wlan.tip.build:16001
-    openwifi.system.uri.private: https://prov.cicd.lab.wlan.tip.build:17001
+    openwifi.system.uri.public: https://prov.cicd.lab.wlan.tip.build:16005
+    openwifi.system.uri.private: https://prov.cicd.lab.wlan.tip.build:17005
     openwifi.system.uri.ui: https://webui.cicd.lab.wlan.tip.build
 
 owprovui:
+  services:
+    owprovui:
+      type: NodePort
+
   ingresses:
     default:
       enabled: true
@@ -72,11 +79,19 @@ owprovui:
         servicePort: http
 
   public_env_variables:
-    DEFAULT_UCENTRALSEC_URL: https://sec.cicd.lab.wlan.tip.build:16001 # TODO change to OWSEC RESTAPI url
+    REACT_APP_UCENTRALSEC_URL: https://sec.cicd.lab.wlan.tip.build:16001 # TODO change to OWSEC RESTAPI url
 
-rttys:
-  config:
-    token: TOFILL # TODO change rttys token and set it in OWGW section above
+owsub:
+  configProperties: # TODO change FQDNs
+    openwifi.system.uri.public: https://sub.cicd.lab.wlan.tip.build:16007
+    openwifi.system.uri.private: https://sub.cicd.lab.wlan.tip.build:17007
+    openwifi.system.uri.ui: https://webui.cicd.lab.wlan.tip.build
+
+owanalytics:
+  configProperties: # TODO change FQDNs
+    openwifi.system.uri.public: https://analytics.cicd.lab.wlan.tip.build:16009
+    openwifi.system.uri.private: https://analytics.cicd.lab.wlan.tip.build:17009
+    openwifi.system.uri.ui: https://webui.cicd.lab.wlan.tip.build
 
 haproxy:
   service:
@@ -85,7 +100,7 @@ haproxy:
       service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "8080"
       service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
       service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285 # TODO change certificate
-      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004,17004,16002,16003,17002,16005,17005,16001,17001,5912,5913"
+      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004,17004,16002,16003,17002,16005,17005,16001,17001,5912,5913,16009,16007"
       service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip
-      external-dns.alpha.kubernetes.io/hostname: "gw.cicd.lab.wlan.tip.build,sec.cicd.lab.wlan.tip.build,fms.cicd.lab.wlan.tip.build,prov.cicd.lab.wlan.tip.build,rtty.cicd.lab.wlan.tip.build"
+      external-dns.alpha.kubernetes.io/hostname: "gw.cicd.lab.wlan.tip.build,sec.cicd.lab.wlan.tip.build,fms.cicd.lab.wlan.tip.build,prov.cicd.lab.wlan.tip.build,rtty.cicd.lab.wlan.tip.build,sub.cicd.lab.wlan.tip.build,analytics.cicd.lab.wlan.tip.build" # TODO change FQDNs
 

chart/environment-values/values.openwifi-qa.disable-tls.yaml

@@ -0,0 +1,29 @@
+# NOTE: using of this values files will require you to use http schema in 'openwifi.system.uri.private' (and maybe 'openwifi.system.uri.public') configuration properties (i.e. http://owgw-owgw:17002)
+owgw:
+  configProperties:
+    openwifi.security.restapi.disable: "true"
+
+owsec:
+  configProperties:
+    openwifi.security.restapi.disable: "true"
+
+owfms:
+  configProperties:
+    openwifi.security.restapi.disable: "true"
+
+owprov:
+  configProperties:
+    openwifi.security.restapi.disable: "true"
+
+owanalytics:
+  configProperties:
+    openwifi.security.restapi.disable: "true"
+
+owsub:
+  configProperties:
+    openwifi.security.restapi.disable: "true"
+
+haproxy:
+  service:
+    annotations:
+      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp

chart/environment-values/values.openwifi-qa.external-db.yaml

@@ -8,7 +8,130 @@ owgw:
 
   postgresql:
     enabled: true
+    nameOverride: owgw-pgsql
     fullnameOverride: owgw-pgsql
     postgresqlDatabase: owgw
     postgresqlUsername: owgw
     postgresqlPassword: owgw
+    resources:
+      requests:
+        cpu: 250m
+        memory: 1024Mi
+      limits:
+        cpu: 250m
+        memory: 1024Mi
+
+#owsec:
+#  configProperties:
+#    storage.type: postgresql
+#    storage.type.postgresql.host: owsec-pgsql
+#    storage.type.postgresql.database: owsec
+#    storage.type.postgresql.username: owsec
+#    storage.type.postgresql.password: owsec
+#
+#  postgresql:
+#    enabled: true
+#    nameOverride: owsec-pgsql
+#    fullnameOverride: owsec-pgsql
+#    postgresqlDatabase: owsec
+#    postgresqlUsername: owsec
+#    postgresqlPassword: owsec
+#    resources:
+#      requests:
+#        cpu: 250m
+#        memory: 1024Mi
+#      limits:
+#        cpu: 250m
+#        memory: 1024Mi
+
+#owfms:
+#  configProperties:
+#    storage.type: postgresql
+#    storage.type.postgresql.host: owfms-pgsql
+#    storage.type.postgresql.database: owfms
+#    storage.type.postgresql.username: owfms
+#    storage.type.postgresql.password: owfms
+#
+#  postgresql:
+#    enabled: true
+#    nameOverride: owfms-pgsql
+#    fullnameOverride: owfms-pgsql
+#    postgresqlDatabase: owfms
+#    postgresqlUsername: owfms
+#    postgresqlPassword: owfms
+#    resources:
+#      requests:
+#        cpu: 250m
+#        memory: 1024Mi
+#      limits:
+#        cpu: 250m
+#        memory: 1024Mi
+
+#owprov:
+#  configProperties:
+#    storage.type: postgresql
+#    storage.type.postgresql.host: owprov-pgsql
+#    storage.type.postgresql.database: owprov
+#    storage.type.postgresql.username: owprov
+#    storage.type.postgresql.password: owprov
+#
+#  postgresql:
+#    enabled: true
+#    nameOverride: owprov-pgsql
+#    fullnameOverride: owprov-pgsql
+#    postgresqlDatabase: owprov
+#    postgresqlUsername: owprov
+#    postgresqlPassword: owprov
+#    resources:
+#      requests:
+#        cpu: 250m
+#        memory: 1024Mi
+#      limits:
+#        cpu: 250m
+#        memory: 1024Mi
+
+owanalytics:
+  configProperties:
+    storage.type: postgresql
+    storage.type.postgresql.host: owanalytics-pgsql
+    storage.type.postgresql.database: owanalytics
+    storage.type.postgresql.username: owanalytics
+    storage.type.postgresql.password: owanalytics
+
+  postgresql:
+    enabled: true
+    nameOverride: owanalytics-pgsql
+    fullnameOverride: owanalytics-pgsql
+    postgresqlDatabase: owanalytics
+    postgresqlUsername: owanalytics
+    postgresqlPassword: owanalytics
+    resources:
+      requests:
+        cpu: 250m
+        memory: 1024Mi
+      limits:
+        cpu: 250m
+        memory: 1024Mi
+
+#owsub:
+#  configProperties:
+#    storage.type: postgresql
+#    storage.type.postgresql.host: owsub-pgsql
+#    storage.type.postgresql.database: owsub
+#    storage.type.postgresql.username: owsub
+#    storage.type.postgresql.password: owsub
+#
+#  postgresql:
+#    enabled: true
+#    nameOverride: owsub-pgsql
+#    fullnameOverride: owsub-pgsql
+#    postgresqlDatabase: owsub
+#    postgresqlUsername: owsub
+#    postgresqlPassword: owsub
+#    resources:
+#      requests:
+#        cpu: 250m
+#        memory: 1024Mi
+#      limits:
+#        cpu: 250m
+#        memory: 1024Mi

chart/environment-values/values.openwifi-qa.separate-lbs.yaml

@@ -22,18 +22,6 @@ owsec:
         service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
         service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16001,17001"
 
-rttys:
-  services:
-    rttys:
-      type: LoadBalancer
-      annotations:
-        service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
-        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
-        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "5914"
-        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
-        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "5912,5913"
-
 owfms:
   services:
     owfms:
@@ -58,5 +46,29 @@ owprov:
         service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
         service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16005,17005"
 
+owanalytics:
+  services:
+    owanalytics:
+      type: LoadBalancer
+      annotations:
+        service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
+        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16109"
+        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
+        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16009,17009"
+
+owsub:
+  services:
+    owsub:
+      type: LoadBalancer
+      annotations:
+        service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
+        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16106"
+        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
+        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16006,17006"
+
 haproxy:
   enabled: false

chart/environment-values/values.openwifi-qa.test-nodes.yaml

@@ -30,6 +30,22 @@ owsec:
     operator: "Exists"
     effect: "NoSchedule"
 
+  postgresql:
+    primary:
+      nodeSelector:
+        env: tests
+      tolerations:
+      - key: "tests"
+        operator: "Exists"
+        effect: "NoSchedule"
+    readReplicas:
+      nodeSelector:
+        env: tests
+      tolerations:
+      - key: "tests"
+        operator: "Exists"
+        effect: "NoSchedule"
+
 owgwui:
   nodeSelector:
     env: tests
@@ -46,6 +62,22 @@ owfms:
     operator: "Exists"
     effect: "NoSchedule"
 
+  postgresql:
+    primary:
+      nodeSelector:
+        env: tests
+      tolerations:
+      - key: "tests"
+        operator: "Exists"
+        effect: "NoSchedule"
+    readReplicas:
+      nodeSelector:
+        env: tests
+      tolerations:
+      - key: "tests"
+        operator: "Exists"
+        effect: "NoSchedule"
+
 owprov:
   nodeSelector:
     env: tests
@@ -54,6 +86,22 @@ owprov:
     operator: "Exists"
     effect: "NoSchedule"
 
+  postgresql:
+    primary:
+      nodeSelector:
+        env: tests
+      tolerations:
+      - key: "tests"
+        operator: "Exists"
+        effect: "NoSchedule"
+    readReplicas:
+      nodeSelector:
+        env: tests
+      tolerations:
+      - key: "tests"
+        operator: "Exists"
+        effect: "NoSchedule"
+
 owprovui:
   nodeSelector:
     env: tests
@@ -86,14 +134,6 @@ owls:
         operator: "Exists"
         effect: "NoSchedule"
 
-rttys:
-  nodeSelector:
-    env: tests
-  tolerations:
-  - key: "tests"
-    operator: "Exists"
-    effect: "NoSchedule"
-
 owlsui:
   nodeSelector:
     env: tests
@@ -102,6 +142,54 @@ owlsui:
     operator: "Exists"
     effect: "NoSchedule"
 
+owanalytics:
+  nodeSelector:
+    env: tests
+  tolerations:
+  - key: "tests"
+    operator: "Exists"
+    effect: "NoSchedule"
+
+  postgresql:
+    primary:
+      nodeSelector:
+        env: tests
+      tolerations:
+      - key: "tests"
+        operator: "Exists"
+        effect: "NoSchedule"
+    readReplicas:
+      nodeSelector:
+        env: tests
+      tolerations:
+      - key: "tests"
+        operator: "Exists"
+        effect: "NoSchedule"
+
+owsub:
+  nodeSelector:
+    env: tests
+  tolerations:
+  - key: "tests"
+    operator: "Exists"
+    effect: "NoSchedule"
+
+  postgresql:
+    primary:
+      nodeSelector:
+        env: tests
+      tolerations:
+      - key: "tests"
+        operator: "Exists"
+        effect: "NoSchedule"
+    readReplicas:
+      nodeSelector:
+        env: tests
+      tolerations:
+      - key: "tests"
+        operator: "Exists"
+        effect: "NoSchedule"
+
 kafka:
   nodeSelector:
     env: tests

chart/environment-values/values.openwifi-qa.yaml

@@ -5,14 +5,17 @@ owgw:
       readiness:
         exec:
           command: ["true"]
+        failureThreshold: 5
+      readiness:
+        failureThreshold: 5
 
   resources:
     requests:
-      cpu: 100m
+      cpu: 2000m
       memory: 100Mi
     limits:
-      cpu: 100m
-      memory: 200Mi
+      cpu: 2000m
+      memory: 500Mi
 
   securityContext:
     sysctls:
@@ -156,6 +159,7 @@ owsec:
     openwifi.restapi.host.0.rootca: $OWSEC_ROOT/certs/restapi-certs/ca.crt
     openwifi.restapi.host.0.cert: $OWSEC_ROOT/certs/restapi-certs/tls.crt
     openwifi.restapi.host.0.key: $OWSEC_ROOT/certs/restapi-certs/tls.key
+    mailer.hostname: email-smtp.us-east-2.amazonaws.com
 
   volumes:
     owsec:
@@ -189,19 +193,11 @@ owsec:
           secret:
             secretName: {{ include "owsec.fullname" . }}-owsec-restapi-tls
 
-rttys:
-  resources:
-    requests:
-      cpu: 10m
-      memory: 15Mi
-    limits:
-      cpu: 100m
-      memory: 100Mi
-
-  podAnnotations:
-    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
-
 owgwui:
+  services:
+    owgwui:
+      type: NodePort
+
   ingresses:
     default:
       enabled: true
@@ -239,10 +235,10 @@ owfms:
   resources:
     requests:
       cpu: 10m
-      memory: 30Mi
-    limits:
-      cpu: 50m
       memory: 80Mi
+    limits:
+      cpu: 100m
+      memory: 160Mi
 
   podAnnotations:
     cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
@@ -402,6 +398,10 @@ owprov:
             secretName: {{ include "owprov.fullname" . }}-owprov-restapi-tls
 
 owprovui:
+  services:
+    owprovui:
+      type: NodePort
+
   ingresses:
     default:
       enabled: true
@@ -420,6 +420,172 @@ owprovui:
   podAnnotations:
     cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
 
+owanalytics:
+  checks:
+    owanalytics:
+      readiness:
+        exec:
+          command: ["true"]
+
+  resources:
+    requests:
+      cpu: 10m
+      memory: 100Mi
+    limits:
+      cpu: 100m
+      memory: 500Mi
+
+  podAnnotations:
+    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
+
+  certs:
+    restapi-ca.pem: |
+      -----BEGIN CERTIFICATE-----
+      MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
+      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
+      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
+      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
+      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
+      Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
+      IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
+      AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
+      KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
+      aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
+      t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
+      Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
+      720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
+      lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
+      AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
+      dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
+      PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
+      19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
+      L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
+      5IOM7ItsRmen6u3qu+JXros54e4juQ==
+      -----END CERTIFICATE-----
+
+  public_env_variables:
+    SELFSIGNED_CERTS: "true"
+
+  configProperties:
+    openwifi.internal.restapi.host.0.rootca: $OWANALYTICS_ROOT/certs/restapi-certs/ca.crt
+    openwifi.internal.restapi.host.0.cert: $OWANALYTICS_ROOT/certs/restapi-certs/tls.crt
+    openwifi.internal.restapi.host.0.key: $OWANALYTICS_ROOT/certs/restapi-certs/tls.key
+    openwifi.restapi.host.0.rootca: $OWANALYTICS_ROOT/certs/restapi-certs/ca.crt
+    openwifi.restapi.host.0.cert: $OWANALYTICS_ROOT/certs/restapi-certs/tls.crt
+    openwifi.restapi.host.0.key: $OWANALYTICS_ROOT/certs/restapi-certs/tls.key
+
+  volumes:
+    owanalytics:
+      - name: config
+        mountPath: /owanalytics-data/owanalytics.properties
+        subPath: owanalytics.properties
+        # Template below will be rendered in template
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owanalytics.fullname" . }}-config
+      - name: certs
+        mountPath: /owanalytics-data/certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owanalytics.fullname" . }}-certs
+      - name: persist
+        mountPath: /owanalytics-data/persist
+        volumeDefinition: |
+          persistentVolumeClaim:
+            claimName: {{ template "owanalytics.fullname" . }}-pvc
+
+      - name: restapi-certs
+        mountPath: /owanalytics-data/certs/restapi-certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owanalytics.fullname" . }}-owanalytics-restapi-tls
+      - name: restapi-ca
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
+        subPath: ca.crt
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owanalytics.fullname" . }}-owanalytics-restapi-tls
+
+owsub:
+  resources:
+    requests:
+      cpu: 10m
+      memory: 100Mi
+    limits:
+      cpu: 100m
+      memory: 500Mi
+
+  podAnnotations:
+    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
+
+  certs:
+    restapi-ca.pem: |
+      -----BEGIN CERTIFICATE-----
+      MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
+      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
+      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
+      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
+      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
+      Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
+      IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
+      AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
+      KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
+      aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
+      t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
+      Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
+      720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
+      lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
+      AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
+      dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
+      PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
+      19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
+      L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
+      5IOM7ItsRmen6u3qu+JXros54e4juQ==
+      -----END CERTIFICATE-----
+
+  public_env_variables:
+    SELFSIGNED_CERTS: "true"
+
+  configProperties:
+    openwifi.internal.restapi.host.0.rootca: $OWSUB_ROOT/certs/restapi-certs/ca.crt
+    openwifi.internal.restapi.host.0.cert: $OWSUB_ROOT/certs/restapi-certs/tls.crt
+    openwifi.internal.restapi.host.0.key: $OWSUB_ROOT/certs/restapi-certs/tls.key
+    openwifi.restapi.host.0.rootca: $OWSUB_ROOT/certs/restapi-certs/ca.crt
+    openwifi.restapi.host.0.cert: $OWSUB_ROOT/certs/restapi-certs/tls.crt
+    openwifi.restapi.host.0.key: $OWSUB_ROOT/certs/restapi-certs/tls.key
+
+  volumes:
+    owsub:
+      - name: config
+        mountPath: /owsub-data/owsub.properties
+        subPath: owsub.properties
+        # Template below will be rendered in template
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owsub.fullname" . }}-config
+      - name: certs
+        mountPath: /owsub-data/certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owsub.fullname" . }}-certs
+      - name: persist
+        mountPath: /owsub-data/persist
+        volumeDefinition: |
+          persistentVolumeClaim:
+            claimName: {{ template "owsub.fullname" . }}-pvc
+
+      - name: restapi-certs
+        mountPath: /owsub-data/certs/restapi-certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owsub.fullname" . }}-owsub-restapi-tls
+      - name: restapi-ca
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
+        subPath: ca.crt
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owsub.fullname" . }}-owsub-restapi-tls
+
 
 kafka:
   commonAnnotations:
@@ -453,13 +619,20 @@ clustersysteminfo:
   delay: 60 # delaying to wait for AWS Route53 DNS propagation
 
 haproxy:
+  resources:
+    requests:
+      cpu: 10m
+      memory: 20Mi
+    limits:
+      cpu: 10m
+      memory: 20Mi
   service:
     annotations:
       service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
       service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "8080"
       service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
       service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
-      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004,17004,16002,16003,17002,16005,17005,16001,17001,5912,5913,16009"
+      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004,17004,16002,16003,17002,16005,17005,16001,17001,5912,5913,16009,16007,16006,17006"
       service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip
 
 restapiCerts:

chart/feature-values/values.restapi-certmanager-certs.yaml

@@ -179,5 +179,93 @@ owprov:
           secret:
             secretName: {{ include "owprov.fullname" . }}-owprov-restapi-tls
 
+owanalytics:
+  public_env_variables:
+    SELFSIGNED_CERTS: "true"
+
+  configProperties:
+    openwifi.internal.restapi.host.0.rootca: $OWANALYTICS_ROOT/certs/restapi-certs/ca.crt
+    openwifi.internal.restapi.host.0.cert: $OWANALYTICS_ROOT/certs/restapi-certs/tls.crt
+    openwifi.internal.restapi.host.0.key: $OWANALYTICS_ROOT/certs/restapi-certs/tls.key
+    openwifi.restapi.host.0.rootca: $OWANALYTICS_ROOT/certs/restapi-certs/ca.crt
+    openwifi.restapi.host.0.cert: $OWANALYTICS_ROOT/certs/restapi-certs/tls.crt
+    openwifi.restapi.host.0.key: $OWANALYTICS_ROOT/certs/restapi-certs/tls.key
+
+  volumes:
+    owanalytics:
+      - name: config
+        mountPath: /owanalytics-data/owanalytics.properties
+        subPath: owanalytics.properties
+        # Template below will be rendered in template
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owanalytics.fullname" . }}-config
+      - name: certs
+        mountPath: /owanalytics-data/certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owanalytics.fullname" . }}-certs
+      - name: persist
+        mountPath: /owanalytics-data/persist
+        volumeDefinition: |
+          persistentVolumeClaim:
+            claimName: {{ template "owanalytics.fullname" . }}-pvc
+
+      - name: restapi-certs
+        mountPath: /owanalytics-data/certs/restapi-certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owanalytics.fullname" . }}-owanalytics-restapi-tls
+      - name: restapi-ca
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
+        subPath: ca.crt
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owanalytics.fullname" . }}-owanalytics-restapi-tls
+
+owsub:
+  public_env_variables:
+    SELFSIGNED_CERTS: "true"
+
+  configProperties:
+    openwifi.internal.restapi.host.0.rootca: $OWSUB_ROOT/certs/restapi-certs/ca.crt
+    openwifi.internal.restapi.host.0.cert: $OWSUB_ROOT/certs/restapi-certs/tls.crt
+    openwifi.internal.restapi.host.0.key: $OWSUB_ROOT/certs/restapi-certs/tls.key
+    openwifi.restapi.host.0.rootca: $OWSUB_ROOT/certs/restapi-certs/ca.crt
+    openwifi.restapi.host.0.cert: $OWSUB_ROOT/certs/restapi-certs/tls.crt
+    openwifi.restapi.host.0.key: $OWSUB_ROOT/certs/restapi-certs/tls.key
+
+  volumes:
+    owsub:
+      - name: config
+        mountPath: /owsub-data/owsub.properties
+        subPath: owsub.properties
+        # Template below will be rendered in template
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owsub.fullname" . }}-config
+      - name: certs
+        mountPath: /owsub-data/certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owsub.fullname" . }}-certs
+      - name: persist
+        mountPath: /owsub-data/persist
+        volumeDefinition: |
+          persistentVolumeClaim:
+            claimName: {{ template "owsub.fullname" . }}-pvc
+
+      - name: restapi-certs
+        mountPath: /owsub-data/certs/restapi-certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owsub.fullname" . }}-owsub-restapi-tls
+      - name: restapi-ca
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
+        subPath: ca.crt
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owsub.fullname" . }}-owsub-restapi-tls
+
 restapiCerts:
   enabled: true

chart/feature-values/values.restapi-disable-tls.yaml

@@ -0,0 +1,30 @@
+# NOTE: using of this values files will require you to use http schema in 'openwifi.system.uri.public' configuration properties (i.e. "openwifi.system.uri.public=http://owgw.openwifi.local:16002")
+owgw:
+  configProperties:
+    openwifi.security.restapi.disable: "true"
+    openwifi.system.uri.private: http://owsec-owsec:17002
+
+owsec:
+  configProperties:
+    openwifi.security.restapi.disable: "true"
+    openwifi.system.uri.private: http://owsec-owsec:17001
+
+owfms:
+  configProperties:
+    openwifi.security.restapi.disable: "true"
+    openwifi.system.uri.private: http://owsec-owsec:17004
+
+owprov:
+  configProperties:
+    openwifi.security.restapi.disable: "true"
+    openwifi.system.uri.private: http://owsec-owsec:17005
+
+owanalytics:
+  configProperties:
+    openwifi.security.restapi.disable: "true"
+    openwifi.system.uri.private: http://owsec-owsec:17009
+
+owsub:
+  configProperties:
+    openwifi.security.restapi.disable: "true"
+    openwifi.system.uri.private: http://owsec-owsec:17006

chart/templates/certificate-restapi.yaml

@@ -16,6 +16,7 @@ spec:
   secretName: ow-wildcard-tls
   commonName: {{ .Release.Namespace }}.svc.{{ .Values.restapiCerts.clusterDomain }}
   isCA: true
+  duration: 87600h
   usages:
     - server auth
     - client auth

chart/values.yaml

@@ -26,6 +26,14 @@ owfms:
 owprov:
   fullnameOverride: owprov
 
+  configProperties:
+    openwifi.kafka.enable: "true"
+    openwifi.kafka.brokerlist: kafka:9092
+      #
+# OpenWIFI Analytics (https://github.com/Telecominfraproject/wlan-cloud-analytics)
+owanalytics:
+  fullnameOverride: owanalytics
+
   configProperties:
     openwifi.kafka.enable: "true"
     openwifi.kafka.brokerlist: kafka:9092
@@ -38,14 +46,13 @@ owgwui:
 owprovui:
   fullnameOverride: owprovui
 
-# rttys (https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-rtty)
-rttys:
-  enabled: true
+# OpenWIFI Subscription (https://github.com/Telecominfraproject/wlan-cloud-userportal/)
+owsub:
+  fullnameOverride: owsub
 
-  fullnameOverride: rttys
-
-  config:
-    token: 96181c567b4d0d98c50f127230068fa8
+  configProperties:
+    openwifi.kafka.enable: "true"
+    openwifi.kafka.brokerlist: kafka:9092
 
 # kafka (https://github.com/bitnami/charts/blob/master/bitnami/kafka/)
 kafka:
@@ -71,7 +78,7 @@ clustersysteminfo:
   images:
     clustersysteminfo:
       repository: tip-tip-wlan-cloud-ucentral.jfrog.io/clustersysteminfo
-      tag: main
+      tag: v2.6.2
       pullPolicy: Always
 #      regcred:
 #        registry: tip-tip-wlan-cloud-ucentral.jfrog.io
@@ -168,6 +175,14 @@ haproxy:
         protocol: TCP
         port: 17002
         targetPort: owgwrestint
+      - name: owgwrttys
+        protocol: TCP
+        port: 5912
+        targetPort: owgwrttys
+      - name: owgwrttysview
+        protocol: TCP
+        port: 5913
+        targetPort: owgwrttysview
       # owprov
       - name: owprovrest
         protocol: TCP
@@ -186,19 +201,24 @@ haproxy:
         protocol: TCP
         port: 17001
         targetPort: owsecrestint
-      # rttys
-      - name: rttysdev
+      # owanalytics
+      - name: owanalyticsrest
         protocol: TCP
-        port: 5912
-        targetPort: rttysdev
-      - name: rttysuser
+        port: 16009
+        targetPort: owanalyticsrest
+      - name: owanalyticsrint
         protocol: TCP
-        port: 5913
-        targetPort: rttysuser
-      - name: rttysweb
+        port: 17009
+        targetPort: owanalyticsrint
+      # owsub
+      - name: owsubrest
         protocol: TCP
-        port: 5914
-        targetPort: rttysweb
+        port: 16006
+        targetPort: owsubrest
+      - name: owsubrint
+        protocol: TCP
+        port: 17006
+        targetPort: owsubrint
 
   containerPorts:
     # healthcheck
@@ -218,6 +238,10 @@ haproxy:
       containerPort: 16003
     - name: owgwrestint
       containerPort: 17002
+    - name: owgwrttys
+      containerPort: 5912
+    - name: owgwrttysview
+      containerPort: 5913
     # owprov
     - name: owprovrest
       containerPort: 16005
@@ -228,13 +252,16 @@ haproxy:
       containerPort: 16001
     - name: owsecrestint
       containerPort: 17001
-    # rttys
-    - name: rttysdev
-      containerPort: 5912
-    - name: rttysuser
-      containerPort: 5913
-    - name: rttysweb
-      containerPort: 5914
+    # owanalytics
+    - name: owanalyticsrest
+      containerPort: 16009
+    - name: owanalyticsrint
+      containerPort: 17009
+    # owsub
+    - name: owsubrest
+      containerPort: 16006
+    - name: owsubrint
+      containerPort: 17006
 
   configuration: |
     global
@@ -307,6 +334,22 @@ haproxy:
       mode tcp
       server svc_owgw_rest_internal owgw-owgw:17002
 
+    frontend front_owgw_rttys
+      bind :5912
+      mode tcp
+      default_backend back_owgw_rttys
+    backend back_owgw_rttys
+      mode tcp
+      server svc_owgw_rttys owgw-owgw:5912
+
+    frontend front_owgw_rttys_view
+      bind :5913
+      mode tcp
+      default_backend back_owgw_rttys_view
+    backend back_owgw_rttys_view
+      mode tcp
+      server svc_owgw_rttys_view owgw-owgw:5913
+
     # owprov
     frontend front_owprov_rest
       bind :16005
@@ -341,30 +384,39 @@ haproxy:
       mode tcp
       server svc_owsec_rest_internal owsec-owsec:17001
 
-    # rttys
-    frontend front_rttys_dev
-      bind :5912
+    # owanalytics
+    frontend front_owanalytics_rest
+      bind :16009
       mode tcp
-      default_backend back_rttys_dev
-    backend back_rttys_dev
+      default_backend back_owanalytics_rest
+    backend back_owanalytics_rest
       mode tcp
-      server svc_rttys_dev rttys-rttys:5912
+      server svc_owanalytics_rest owanalytics-owanalytics:16009
 
-    frontend front_rttys_user
-      bind :5913
+    frontend front_owanalytics_rest_internal
+      bind :17009
       mode tcp
-      default_backend back_rttys_user
-    backend back_rttys_user
+      default_backend back_owanalytics_rest_internal
+    backend back_owanalytics_rest_internal
       mode tcp
-      server svc_rttys_user rttys-rttys:5913
+      server svc_owanalytics_rest_internal owanalytics-owanalytics:17009
 
-    frontend front_rttys_web
-      bind :5914
+    # owsub
+    frontend front_owsub_rest
+      bind :16006
       mode tcp
-      default_backend back_rttys_web
-    backend back_rttys_web
+      default_backend back_owsub_rest
+    backend back_owsub_rest
       mode tcp
-      server svc_rttys_web rttys-rttys:5914
+      server svc_owsub_rest owsub-owsub:16006
+
+    frontend front_owsub_rest_internal
+      bind :17006
+      mode tcp
+      default_backend back_owsub_rest_internal
+    backend back_owsub_rest_internal
+      mode tcp
+      server svc_owsub_rest_internal owsub-owsub:17006
 
 # Cert-manager RESTAPI certs
 restapiCerts:
@@ -376,5 +428,7 @@ restapiCerts:
     - owfms-owfms
     - owprov-owprov
     - owls-owls
+    - owanalytics-owanalytics
+    - owsub-owsub
 
   clusterDomain: cluster.local

docker-compose/.env

@@ -1,12 +1,13 @@
 # Image tags
 COMPOSE_PROJECT_NAME=openwifi
-OWGW_TAG=v2.5.0
-OWGWUI_TAG=v2.5.0
-OWSEC_TAG=v2.5.0
-OWFMS_TAG=v2.5.0
-OWPROV_TAG=v2.5.0
-OWPROVUI_TAG=v2.5.0
-RTTYS_TAG=3.5.0
+OWGW_TAG=v2.6.2
+OWGWUI_TAG=v2.6.0
+OWSEC_TAG=v2.6.0
+OWFMS_TAG=v2.6.0
+OWPROV_TAG=v2.6.0
+OWPROVUI_TAG=v2.6.0
+OWANALYTICS_TAG=v2.6.0
+OWSUB_TAG=v2.6.0
 KAFKA_TAG=latest
 ZOOKEEPER_TAG=latest
 POSTGRESQL_TAG=latest
@@ -20,9 +21,15 @@ OWFMS_ROOT=/owfms-data
 OWFMS_CONFIG=/owfms-data
 OWPROV_ROOT=/owprov-data
 OWPROV_CONFIG=/owprov-data
+OWANALYTICS_ROOT=/owanalytics-data
+OWANALYTICS_CONFIG=/owanalytics-data
+OWSUB_ROOT=/owsub-data
+OWSUB_CONFIG=/owsub-data
 
 # Microservice hostnames
 INTERNAL_OWGW_HOSTNAME=owgw.wlan.local
 INTERNAL_OWSEC_HOSTNAME=owsec.wlan.local
 INTERNAL_OWFMS_HOSTNAME=owfms.wlan.local
 INTERNAL_OWPROV_HOSTNAME=owprov.wlan.local
+INTERNAL_OWANALYTICS_HOSTNAME=owanalytics.wlan.local
+INTERNAL_OWSUB_HOSTNAME=owsub.wlan.local

docker-compose/.env.letsencrypt

@@ -1,12 +1,13 @@
 # Image tags
 COMPOSE_PROJECT_NAME=openwifi
-OWGW_TAG=v2.5.0
-OWGWUI_TAG=v2.5.0
-OWSEC_TAG=v2.5.0
-OWFMS_TAG=v2.5.0
-OWPROV_TAG=v2.5.0
-OWPROVUI_TAG=v2.5.0
-RTTYS_TAG=3.5.0
+OWGW_TAG=v2.6.2
+OWGWUI_TAG=v2.6.0
+OWSEC_TAG=v2.6.0
+OWFMS_TAG=v2.6.0
+OWPROV_TAG=v2.6.0
+OWPROVUI_TAG=v2.6.0
+OWANALYTICS_TAG=v2.6.0
+OWSUB_TAG=v2.6.0
 KAFKA_TAG=latest
 ZOOKEEPER_TAG=latest
 ACMESH_TAG=latest
@@ -21,6 +22,10 @@ OWFMS_ROOT=/owfms-data
 OWFMS_CONFIG=/owfms-data
 OWPROV_ROOT=/owprov-data
 OWPROV_CONFIG=/owprov-data
+OWANALYTICS_ROOT=/owanalytics-data
+OWANALYTICS_CONFIG=/owanalytics-data
+OWSUB_ROOT=/owsub-data
+OWSUB_CONFIG=/owsub-data
 
 # Microservice hostnames
 INTERNAL_OWGW_HOSTNAME=owgw.wlan.local
@@ -29,12 +34,7 @@ INTERNAL_OWSEC_HOSTNAME=owsec.wlan.local
 INTERNAL_OWFMS_HOSTNAME=owfms.wlan.local
 INTERNAL_OWPROV_HOSTNAME=owprov.wlan.local
 INTERNAL_OWPROVUI_HOSTNAME=owprov-ui.wlan.local
+INTERNAL_OWANALYTICS_HOSTNAME=owanalytics.wlan.local
 INTERNAL_RTTYS_HOSTNAME=rttys.wlan.local
-OWGW_HOSTNAME=
-OWGWUI_HOSTNAME=
-OWGWFILEUPLOAD_HOSTNAME=
-OWSEC_HOSTNAME=
-OWFMS_HOSTNAME=
-OWPROV_HOSTNAME=
-OWPROVUI_HOSTNAME=
-RTTYS_HOSTNAME=
+INTERNAL_OWSUB_HOSTNAME=owsub.wlan.local
+SDKHOSTNAME=

docker-compose/.env.selfsigned

@@ -1,12 +1,13 @@
 # Image tags
 COMPOSE_PROJECT_NAME=openwifi
-OWGW_TAG=v2.5.0
-OWGWUI_TAG=v2.5.0
-OWSEC_TAG=v2.5.0
-OWFMS_TAG=v2.5.0
-OWPROV_TAG=v2.5.0
-OWPROVUI_TAG=v2.5.0
-RTTYS_TAG=3.5.0
+OWGW_TAG=v2.6.2
+OWGWUI_TAG=v2.6.0
+OWSEC_TAG=v2.6.0
+OWFMS_TAG=v2.6.0
+OWPROV_TAG=v2.6.0
+OWPROVUI_TAG=v2.6.0
+OWANALYTICS_TAG=v2.6.0
+OWSUB_TAG=v2.6.0
 KAFKA_TAG=latest
 ZOOKEEPER_TAG=latest
 ACMESH_TAG=latest
@@ -21,6 +22,10 @@ OWFMS_ROOT=/owfms-data
 OWFMS_CONFIG=/owfms-data
 OWPROV_ROOT=/owprov-data
 OWPROV_CONFIG=/owprov-data
+OWANALYTICS_ROOT=/owanalytics-data
+OWANALYTICS_CONFIG=/owanalytics-data
+OWSUB_ROOT=/owsub-data
+OWSUB_CONFIG=/owsub-data
 
 # Microservice hostnames
 INTERNAL_OWGW_HOSTNAME=owgw.wlan.local
@@ -29,4 +34,5 @@ INTERNAL_OWSEC_HOSTNAME=owsec.wlan.local
 INTERNAL_OWFMS_HOSTNAME=owfms.wlan.local
 INTERNAL_OWPROV_HOSTNAME=owprov.wlan.local
 INTERNAL_OWPROVUI_HOSTNAME=owprov-ui.wlan.local
-INTERNAL_RTTYS_HOSTNAME=rttys.wlan.local
+INTERNAL_OWANALYTICS_HOSTNAME=owanalytics.wlan.local
+INTERNAL_OWSUB_HOSTNAME=owsub.wlan.local

docker-compose/README.md

@@ -1,6 +1,6 @@
 # OpenWifi SDK Docker Compose
 ### Overview
-With the provided Docker Compose files you can instantiate a deployment of the OpenWifi microservices and related components. The repository contains a self-signed certificate and a TIP-signed gateway certificate which are valid for the `*.wlan.local` domain. You also have the possibility to either generate and use Letsencrypt certs or provide your own certificates. Furthermore the deployments are split by whether Traefik is used as a reverse proxy/load balancer in front of the microservices or if they are exposed directly on the host. The advantage of using the deployments with Traefik is that you can use Letsencrypt certs (automatic certificate generation and renewal) and you have the ability to scale specific containers to multiple replicas.  
+With the provided Docker Compose files you can instantiate a deployment of the OpenWifi microservices and related components. The repository contains a self-signed certificate and a TIP-signed gateway certificate which are valid for the `*.wlan.local` domain. You also have the possibility to either generate and use Letsencrypt certs or provide your own certificates. Furthermore the deployments are split by whether Traefik is used as a reverse proxy/load balancer in front of the microservices or if they are exposed directly on the host. The advantage of using the deployments with Traefik is that you can use Letsencrypt certs (automatic certificate generation and renewal) and you have the ability to scale specific containers to multiple replicas.
 The repository also contains a separate Docker Compose deployment to set up the [OWLS microservice](https://github.com/Telecominfraproject/wlan-cloud-owls) and related components for running a load simulation test against an existing controller.
 - [Non-LB deployment with self-signed certificates](#non-lb-deployment-with-self-signed-certificates)
 - [Non-LB deployment with own certificates](#non-lb-deployment-with-own-certificates)
@@ -9,13 +9,13 @@ The repository also contains a separate Docker Compose deployment to set up the
 - [LB deployment with Letsencrypt certificates](#lb-deployment-with-letsencrypt-certificates)
 - [OWLS deployment with self-signed certificates](owls/README.md)
 ### Configuration
-If you don't bind mount your own config files they are generated on every startup based on the environment variables in the microservice specific env files. For an overview of the supported configuration properties have a look into the microservice specific env files. For an explanation of the configuration properties please see the README in the respective microservice repository.  
-Be aware that the non-LB deployment exposes the generated config files on the host. So if you want to make configuration changes afterwards, please do them directly in the config files located in the microservice data directories.
+Config files for the microservices are generated on every startup based on the environment variables in the microservice specific env files. For an overview of the supported configuration properties have a look into these files. For an explanation of the configuration properties please see the README in the respective microservice repository.
+Be aware that local changes to the config files will be overwritten on every startup if `TEMPLATE_CONFIG` is set to `true` in the microservice env files. If you want to bind mount your own config file or make local changes, please set this variable to `false`.
 #### Required password changing on the first startup
 One important action that must be done before using the deployment is changing password for the default user in owsec as described in [owsec docs](https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/tree/main#changing-default-password). Please use these docs to find the actions that must be done **after** the deployment in order to start using your deployment.
 ### Ports
-Every OpenWifi service is exposed via a separate port either directly on the host or through Traefik. For an overview of the exposed ports have a look into the deployment specific Docker Compose file. If you use your own certificates or make use of the [Letsencrypt LB deployment](#lb-deployment-with-letsencrypt-certificates), you can also configure different hostnames for the microservices.  
-Please note that the OWProv-UI is exposed on port `8080(HTTP)/8443(HTTPS)` by default except for the Letsencrypt LB deployment, where the service listens on the default `80/443` HTTP(S) ports.
+Every OpenWifi service is exposed via a separate port either directly on the host or through Traefik. For an overview of the exposed ports have a look into the deployment specific Docker Compose file. If you use your own certificates, you can also configure different hostnames for the microservices.
+Please note that the OWProv-UI is exposed on port `8080(HTTP)/8443(HTTPS)` by default.
 ### owsec templates and wwwassets
 On the startup of owsec directories for wwwassets and mailer templates are created from the base files included in Docker image. After the initial startup you may edit those files as you wish in the [owsec-data/persist](./owsec-data/persist) directory.
 ## Non-LB deployment with self-signed certificates
@@ -23,7 +23,7 @@ On the startup of owsec directories for wwwassets and mailer templates are creat
 2. Add an entry for `openwifi.wlan.local` in your hosts file which points to `127.0.0.1` or whatever the IP of the host running the deployment is.
 3. Spin up the deployment with `docker-compose up -d`.
 4. Check if the containers are up and running with `docker-compose ps`.
-5. Add SSL certificate exceptions in your browser by visiting https://openwifi.wlan.local:16001, https://openwifi.wlan.local:16002, https://openwifi.wlan.local:16004 and https://openwifi.wlan.local:16005.
+5. Add SSL certificate exceptions in your browser by visiting https://openwifi.wlan.local:16001, https://openwifi.wlan.local:16002, https://openwifi.wlan.local:16004, https://openwifi.wlan.local:16005, https://openwifi.wlan.local:16006 and https://openwifi.wlan.local:16009.
 6. Connect to your AP via SSH and add a static hosts entry in `/etc/hosts` for `openwifi.wlan.local`. This should point to the address of the host the Compose deployment runs on.
 7. Login to the UI `https://openwifi.wlan.local` and follow the instructions to change your default password.
 8. To use the curl test scripts included in the microservice repositories set the following environment variables:
@@ -31,7 +31,7 @@ On the startup of owsec directories for wwwassets and mailer templates are creat
 export OWSEC="openwifi.wlan.local:16001"
 export FLAGS="-s --cacert <your-wlan-cloud-ucentral-deploy-location>/docker-compose/certs/restapi-ca.pem"
 ```
-⚠️**Note**: When deploying with self-signed certificates you can not make use of the trace functionality in the UI since the AP will throw a TLS error when uploading the trace to OWGW. Please use the Letsencrypt deployment or provide your own valid certificates if you want to use this function.
+⚠️**Note**: When deploying with self-signed certificates you can not use the 'Trace' and 'Connect' features in the UI since the AP will throw a TLS error. Please use the Letsencrypt deployment or provide your own valid certificates if you want to use these features.
 ## Non-LB deployment with own certificates
 1. Switch into the project directory with `cd docker-compose/`. Copy your websocket and REST API certificates into the `certs/` directory. Make sure to reference the certificates accordingly in the service config if you use different file names or if you want to use different certificates for the respective microservices.
 2. Adapt the following hostname and URI variables according to your environment:
@@ -42,13 +42,15 @@ export FLAGS="-s --cacert <your-wlan-cloud-ucentral-deploy-location>/docker-comp
 | `INTERNAL_OWSEC_HOSTNAME`  | Set this to your OWSec hostname, for example `owsec.example.com`.   |
 | `INTERNAL_OWFMS_HOSTNAME`  | Set this to your OWFms hostname, for example `owfms.example.com`.   |
 | `INTERNAL_OWPROV_HOSTNAME` | Set this to your OWProv hostname, for example `owprov.example.com`. |
+| `INTERNAL_OWANALYTICS_HOSTNAME` | Set this to your OWAnalytics hostname, for example `owanalytics.example.com`. |
+| `INTERNAL_OWSUB_HOSTNAME`  | Set this to your OWSub hostname, for example `owsub.example.com`.   |
 ### owgw.env
 | Variable                                 | Description                                                                         |
 | ---------------------------------------- | ----------------------------------------------------------------------------------- |
 | `FILEUPLOADER_HOST_NAME`                 | Set this to your OWGW fileupload hostname, for example `owgw.example.com`.          |
 | `FILEUPLOADER_URI`                       | Set this to your OWGW fileupload URL, for example `https://owgw.example.com:16003`. |
 | `SYSTEM_URI_PRIVATE`,`SYSTEM_URI_PUBLIC` | Set this to your OWGW REST API URL, for example `https://owgw.example.com:16002`.   |
-| `RTTY_SERVER`                            | Set this to your RTTY server hostname, for example `rttys.example.com`.             |
+| `RTTY_SERVER`                            | Set this to your OWGW RTTYS hostname, for example `owgw.example.com`.               |
 | `SYSTEM_URI_UI`                          | Set this to your OWGW-UI URL, for example `https://owgw-ui.example.com`.            |
 ### owgw-ui.env
 | Variable                  | Description                                                                |
@@ -57,22 +59,27 @@ export FLAGS="-s --cacert <your-wlan-cloud-ucentral-deploy-location>/docker-comp
 ### owsec.env
 | Variable                                 | Description                                                                         |
 | ---------------------------------------- | ----------------------------------------------------------------------------------- |
-| `SYSTEM_URI_PRIVATE`,`SYSTEM_URI_PUBLIC` | Set this to your OWSec REST API URL, for example `https://owsec.example.com:16001`. |
+| `SYSTEM_URI_PRIVATE`,`SYSTEM_URI_PUBLIC` | Set this to your OWSec URL, for example `https://owsec.example.com:16001`. |
 | `SYSTEM_URI_UI`                          | Set this to your OWGW-UI URL, for example `https://owgw-ui.example.com`.            |
 ### owfms.env
 | Variable                                 | Description                                                                         |
 | ---------------------------------------- | ----------------------------------------------------------------------------------- |
-| `SYSTEM_URI_PRIVATE`,`SYSTEM_URI_PUBLIC` | Set this to your OWFms REST API URL, for example `https://owfms.example.com:16004`. |
+| `SYSTEM_URI_PRIVATE`,`SYSTEM_URI_PUBLIC` | Set this to your OWFms URL, for example `https://owfms.example.com:16004`. |
 | `SYSTEM_URI_UI`                          | Set this to your OWGW-UI URL, for example `https://owgw-ui.example.com`.            |
 ### owprov.env
 | Variable                                 | Description                                                                           |
 | ---------------------------------------- | ------------------------------------------------------------------------------------- |
-| `SYSTEM_URI_PRIVATE`,`SYSTEM_URI_PUBLIC` | Set this to your OWProv REST API URL, for example `https://owprov.example.com:16005`. |
+| `SYSTEM_URI_PRIVATE`,`SYSTEM_URI_PUBLIC` | Set this to your OWProv URL, for example `https://owprov.example.com:16005`. |
 | `SYSTEM_URI_UI`                          | Set this to your OWGW-UI URL, for example `https://owgw-ui.example.com`.              |
 ### owprov-ui.env
-| Variable                  | Description                                                                |
-| ------------------------- | -------------------------------------------------------------------------- |
-| `DEFAULT_UCENTRALSEC_URL` | Set this to your OWSec URL, for example `https://owsec.example.com:16001`. |
+| Variable                    | Description                                                                |
+| --------------------------- | -------------------------------------------------------------------------- |
+| `REACT_APP_UCENTRALSEC_URL` | Set this to your OWSec URL, for example `https://owsec.example.com:16001`. |
+### owanalytics.env
+| Variable                                 | Description                                                                            |
+| ---------------------------------------- | -------------------------------------------------------------------------------------- |
+| `SYSTEM_URI_PRIVATE`,`SYSTEM_URI_PUBLIC` | Set this to your OWAnalytics URL, for example `https://owanalytics.example.com:16009`. |
+| `SYSTEM_URI_UI`                          | Set this to your OWProv-UI URL, for example `https://owprov-ui.example.com`.           |
 3. Spin up the deployment with `docker-compose up -d`.
 4. Check if the containers are up and running with `docker-compose ps`.
 5. Login to the UI and and follow the instructions to change your default password.
@@ -111,76 +118,93 @@ export FLAGS="-s --cacert <your-wlan-cloud-ucentral-deploy-location>/docker-comp
 | `STORAGE_TYPE_POSTGRESQL_USERNAME` | `owprov`          |
 | `STORAGE_TYPE_POSTGRESQL_PASSWORD` | `owprov`          |
 | `STORAGE_TYPE_POSTGRESQL_DATABASE` | `owprov`          |
+### owanalytics.env
+| Variable                           | Value/Description |
+| ---------------------------------- | ----------------- |
+| `STORAGE_TYPE`                     | `postgresql`      |
+| `STORAGE_TYPE_POSTGRESQL_HOST`     | `postgresql`      |
+| `STORAGE_TYPE_POSTGRESQL_USERNAME` | `owanalytics`     |
+| `STORAGE_TYPE_POSTGRESQL_PASSWORD` | `owanalytics`     |
+| `STORAGE_TYPE_POSTGRESQL_DATABASE` | `owanalytics`     |
 ### postgresql.env
-| Variable             | Value      |
-| -------------------- | ---------- |
-| `POSTGRES_PASSWORD`  | `postgres` |
-| `POSTGRES_USER`      | `postgres` |
-| `OWGW_DB`            | `owgw`     |
-| `OWGW_DB_USER`       | `owgw`     |
-| `OWGW_DB_PASSWORD`   | `owgw`     |
-| `OWSEC_DB`           | `owsec`    |
-| `OWSEC_DB_USER`      | `owsec`    |
-| `OWSEC_DB_PASSWORD`  | `owsec`    |
-| `OWFMS_DB`           | `owfms`    |
-| `OWFMS_DB_USER`      | `owfms`    |
-| `OWFMS_DB_PASSWORD`  | `owfms`    |
-| `OWPROV_DB`          | `owprov`   |
-| `OWPROV_DB_USER`     | `owprov`   |
-| `OWPROV_DB_PASSWORD` | `owprov`   |
+| Variable                  | Value         |
+| --------------------------| ------------- |
+| `POSTGRES_PASSWORD`       | `postgres`    |
+| `POSTGRES_USER`           | `postgres`    |
+| `OWGW_DB`                 | `owgw`        |
+| `OWGW_DB_USER`            | `owgw`        |
+| `OWGW_DB_PASSWORD`        | `owgw`        |
+| `OWSEC_DB`                | `owsec`       |
+| `OWSEC_DB_USER`           | `owsec`       |
+| `OWSEC_DB_PASSWORD`       | `owsec`       |
+| `OWFMS_DB`                | `owfms`       |
+| `OWFMS_DB_USER`           | `owfms`       |
+| `OWFMS_DB_PASSWORD`       | `owfms`       |
+| `OWPROV_DB`               | `owprov`      |
+| `OWPROV_DB_USER`          | `owprov`      |
+| `OWPROV_DB_PASSWORD`      | `owprov`      |
+| `OWANALYTICS_DB`          | `owanalytics` |
+| `OWANALYTICS_DB_USER`     | `owanalytics` |
+| `OWANALYTICS_DB_PASSWORD` | `owanalytics` |
+| `OWSUB_DB`                | `owsub`       |
+| `OWSUB_DB_USER`           | `owsub`       |
+| `OWSUB_DB_PASSWORD`       | `owsub`       |
 3. Depending on whether you want to use [self-signed certificates](#non-lb-deployment-with-self-signed-certificates) or [provide your own](#non-lb-deployment-with-own-certificates), follow the instructions of the according deployment model. Spin up the deployment with `docker-compose -f docker-compose.yml -f docker-compose.postgresql.yml up -d`. It is recommended to create an alias for this deployment model with `alias docker-compose-postgresql="docker-compose -f docker-compose.yml -f docker-compose.postgresql.yml"`.
 ## LB deployment with self-signed certificates
 Follow the same instructions as for the self-signed deployment without Traefik. The only difference is that you have to spin up the deployment with `docker-compose -f docker-compose.lb.selfsigned.yml --env-file .env.selfsigned up -d`. Make sure to specify the Compose and the according .env file every time you're working with the deployment or create an alias, for example `alias docker-compose-lb-selfsigned="docker-compose -f docker-compose.lb.selfsigned.yml --env-file .env.selfsigned"`. You also have the possibility to scale specific services to a specified number of instances with `docker-compose-lb-selfsigned up -d --scale SERVICE=NUM`, where `SERVICE` is the service name as defined in the Compose file.
 ## LB deployment with Letsencrypt certificates
-For the Letsencrypt challenge to work you need a public IP address. The hostnames which you set for the microservices have to resolve to this IP address to pass the HTTP-01 challenge (https://letsencrypt.org/docs/challenge-types/#http-01-challenge).
+For the Letsencrypt challenge to work you need a public IP address. The hostname which you set in the `$SDKHOSTNAME` env variable has to resolve to this IP address to pass the HTTP-01 challenge (https://letsencrypt.org/docs/challenge-types/#http-01-challenge).
 1. Switch into the project directory with `cd docker-compose/`.
 2. Adapt the following hostname and URI variables according to your environment.
 ### .env.letsencrypt
-| Variable                  | Description                                                                |
-| ------------------------- | -------------------------------------------------------------------------- |
-| `OWGW_HOSTNAME`           | Set this to your OWGW hostname, for example `owgw.example.com`.            |
-| `OWGWUI_HOSTNAME`         | Set this to your OWGW-UI hostname, for example `owgw-ui.example.com`.      |
-| `OWGWFILEUPLOAD_HOSTNAME` | Set this to your OWGW fileupload hostname, for example `owgw.example.com`. |
-| `OWSEC_HOSTNAME`          | Set this to your OWSec hostname, for example `owsec.example.com`.          |
-| `OWFMS_HOSTNAME`          | Set this to your OWFms hostname, for example `owfms.example.com`.          |
-| `OWPROV_HOSTNAME`         | Set this to your OWProv hostname, for example `owprov.example.com`.        |
-| `OWPROVUI_HOSTNAME`       | Set this to your OWProv-UI hostname, for example `owprov-ui.example.com`.  |
-| `RTTYS_HOSTNAME`          | Set this to your RTTYS hostname, for example `rttys.example.com`.          |
+| Variable      | Description                                                                                                |
+| ------------- | ---------------------------------------------------------------------------------------------------------- |
+| `SDKHOSTNAME` | Set this to the public hostname you want to use for all microservices, for example `openwifi.example.com`. |
 
 ### owgw.env
-| Variable                 | Description                                                                         |
-| -----------------------  | ----------------------------------------------------------------------------------- |
-| `FILEUPLOADER_HOST_NAME` | Set this to your OWGW fileupload hostname, for example `owgw.example.com`.          |
-| `FILEUPLOADER_URI`       | Set this to your OWGW fileupload URL, for example `https://owgw.example.com:16003`. |
-| `SYSTEM_URI_PUBLIC`      | Set this to your OWGW REST API URL, for example `https://owgw.example.com:16002`.   |
-| `RTTY_SERVER`            | Set this to your public RTTY server hostname, for example `rttys.example.com`.      |
-| `SYSTEM_URI_UI`          | Set this to your OWGW-UI URL, for example `https://owgw-ui.example.com`.            |
+| Variable                 | Description                                                                             |
+| -----------------------  | --------------------------------------------------------------------------------------- |
+| `FILEUPLOADER_HOST_NAME` | Set this to your OWGW fileupload hostname, for example `openwifi.example.com`.          |
+| `FILEUPLOADER_URI`       | Set this to your OWGW fileupload URL, for example `https://openwifi.example.com:16003`. |
+| `SYSTEM_URI_PUBLIC`      | Set this to your OWGW REST API URL, for example `https://openwifi.example.com:16002`.   |
+| `RTTY_SERVER`            | Set this to your OWGW RTTYS hostname, for example `openwifi.example.com`.               |
+| `SYSTEM_URI_UI`          | Set this to your OWGW-UI URL, for example `https://openwifi.example.com`.               |
 
 ### owgw-ui.env
-| Variable            | Description                                                                |
-| ------------------- | -------------------------------------------------------------------------- |
-| `DEFAULT_OWSEC_URL` | Set this to your OWSec URL, for example `https://owsec.example.com:16001`. |
+| Variable            | Description                                                                   |
+| ------------------- | ----------------------------------------------------------------------------- |
+| `DEFAULT_OWSEC_URL` | Set this to your OWSec URL, for example `https://openwifi.example.com:16001`. |
 
 ### owsec.env
-| Variable            | Description                                                                |
-| ------------------- | -------------------------------------------------------------------------- |
-| `SYSTEM_URI_PUBLIC` | Set this to your OWSec URL, for example `https://owsec.example.com:16001`. |
-| `SYSTEM_URI_UI`     | Set this to your OWGW-UI URL, for example `https://owgw-ui.example.com`.   |
+| Variable            | Description                                                                   |
+| ------------------- | ----------------------------------------------------------------------------- |
+| `SYSTEM_URI_PUBLIC` | Set this to your OWSec URL, for example `https://openwifi.example.com:16001`. |
+| `SYSTEM_URI_UI`     | Set this to your OWGW-UI URL, for example `https://openwifi.example.com`.     |
 
 ### owfms.env
-| Variable            | Description                                                                |
-| ------------------- | -------------------------------------------------------------------------- |
-| `SYSTEM_URI_PUBLIC` | Set this to your OWFms URL, for example `https://owfms.example.com:16004`. |
-| `SYSTEM_URI_UI`     | Set this to your OWGW-UI URL, for example `https://owgw-ui.example.com`.   |
+| Variable            | Description                                                                   |
+| ------------------- | ----------------------------------------------------------------------------- |
+| `SYSTEM_URI_PUBLIC` | Set this to your OWFms URL, for example `https://openwifi.example.com:16004`. |
+| `SYSTEM_URI_UI`     | Set this to your OWGW-UI URL, for example `https://openwifi.example.com`.     |
 ### owprov.env
-| Variable             | Description                                                                  |
-| -------------------- | ---------------------------------------------------------------------------- |
-| `SYSTEM_URI_PUBLIC`  | Set this to your OWProv URL, for example `https://owprov.example.com:16005`. |
-| `SYSTEM_URI_UI`      | Set this to your OWGW-UI URL, for example `https://owgw-ui.example.com`.     |
+| Variable             | Description                                                                    | 
+| -------------------- | ------------------------------------------------------------------------------ |
+| `SYSTEM_URI_PUBLIC`  | Set this to your OWProv URL, for example `https://openwifi.example.com:16005`. |
+| `SYSTEM_URI_UI`      | Set this to your OWGW-UI URL, for example `https://openwifi.example.com`.      |
 ### owprov-ui.env
-| Variable                  | Description                                                                |
-| ------------------------- | -------------------------------------------------------------------------- |
-| `DEFAULT_UCENTRALSEC_URL` | Set this to your OWSec URL, for example `https://owsec.example.com:16001`. |
+| Variable                    | Description                                                                   |
+| --------------------------- | ----------------------------------------------------------------------------- |
+| `REACT_APP_UCENTRALSEC_URL` | Set this to your OWSec URL, for example `https://openwifi.example.com:16001`. |
+### owanalytics.env
+| Variable             | Description                                                                         |
+| -------------------- | ----------------------------------------------------------------------------------- |
+| `SYSTEM_URI_PUBLIC`  | Set this to your OWAnalytics URL, for example `https://openwifi.example.com:16009`. |
+| `SYSTEM_URI_UI`      | Set this to your OWProv-UI URL, for example `https://openwifi.example.com`.         |
+### owsub.env
+| Variable             | Description                                                                   |
+| -------------------- | ----------------------------------------------------------------------------- |
+| `SYSTEM_URI_PUBLIC`  | Set this to your OWSub URL, for example `https://openwifi.example.com:16006`. |
+| `SYSTEM_URI_UI`      | Set this to your OWGW-UI URL, for example `https://openwifi.example.com`.     |
 ### traefik.env
 | Variable                                            | Description                               |
 | --------------------------------------------------- | ----------------------------------------- |

docker-compose/deploy.sh

@@ -10,12 +10,13 @@ usage () {
   echo;
   echo "- DEFAULT_UCENTRALSEC_URL - public URL of the OWSec service"
   echo "- SYSTEM_URI_UI - public URL of the OWGW-UI service"
-  echo "- RTTY_TOKEN - token to be used for rttys and OWGW for remote tty sessions"
   echo;
 #  echo "- INTERNAL_OWGW_HOSTNAME - OWGW microservice hostname for Docker internal communication"
 #  echo "- INTERNAL_OWSEC_HOSTNAME - OWSec microservice hostname for Docker internal communication"
 #  echo "- INTERNAL_OWFMS_HOSTNAME - OWFms microservice hostname for Docker internal communication"
 #  echo "- INTERNAL_OWPROV_HOSTNAME - OWProv microservice hostname for Docker internal communication"
+#  echo "- INTERNAL_OWANALYTICS_HOSTNAME - OWAnalytics microservice hostname for Docker internal communication"
+#  echo "- INTERNAL_OWSUB_HOSTNAME - OWSub microservice hostname for Docker internal communication"
 #  echo;
   echo "- OWGW_FILEUPLOADER_HOST_NAME - hostname to be used for OWGW fileupload";
   echo "- OWGW_FILEUPLOADER_URI - URL to be used for OWGW fileupload";
@@ -25,28 +26,44 @@ usage () {
   echo;
 #  echo "- OWSEC_SYSTEM_URI_PRIVATE - private URL to be used for OWSec";
   echo "- OWSEC_SYSTEM_URI_PUBLIC - public URL to be used for OWSec";
-  echo "- OWSEC_AUTHENTICATION_DEFAULT_USERNAME - username to be used for requests to OWSec";
-  echo "- OWSEC_AUTHENTICATION_DEFAULT_PASSWORD - hashed password for OWSec (details on this may be found in https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/#authenticationdefaultpassword)";
   echo;
 #  echo "- OWFMS_SYSTEM_URI_PRIVATE - private URL to be used for OWFms";
   echo "- OWFMS_SYSTEM_URI_PUBLIC - public URL to be used for OWFms";
-  echo "- OWFMS_S3_SECRET - secret key that is used for OWFms access to firmwares S3 bucket";
-  echo "- OWFMS_S3_KEY - access key that is used for OWFms access to firmwares S3 bucket";
   echo;
 #  echo "- OWPROV_SYSTEM_URI_PRIVATE - private URL to be used for OWProv";
   echo "- OWPROV_SYSTEM_URI_PUBLIC - public URL to be used for OWProv";
+  echo;
+#  echo "- OWANALYTICS_SYSTEM_URI_PRIVATE - private URL to be used for OWAnalytics";
+  echo "- OWANALYTICS_SYSTEM_URI_PUBLIC - public URL to be used for OWAnalytics";
+  echo;
+#  echo "- OWSUB_SYSTEM_URI_PRIVATE - private URL to be used for OWSub";
+  echo "- OWSUB_SYSTEM_URI_PUBLIC - public URL to be used for OWSub";
+  echo;
+  echo "Optional environment variables:"
+  echo "- WEBSOCKET_CERT - Your Digicert-signed websocket certificate"
+  echo "- WEBSOCKET_KEY - The key to your Digicert-signed websocket certificate"
+  echo;
+  echo "- OWSEC_AUTHENTICATION_DEFAULT_USERNAME - username to be used for requests to OWSec";
+  echo "- OWSEC_AUTHENTICATION_DEFAULT_PASSWORD - hashed password for OWSec (details on this may be found in https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/#authenticationdefaultpassword)";
+  echo;
+  echo "- OWFMS_S3_SECRET - secret key that is used for OWFms access to firmwares S3 bucket";
+  echo "- OWFMS_S3_KEY - access key that is used for OWFms access to firmwares S3 bucket";
+  echo;
+  echo "- SDKHOSTNAME - Public hostname which is used for cert generation when using the Letsencrypt deployment method"
+  echo "- TRAEFIK_ACME_EMAIL - Email address used for ACME registration"
 }
 
 # Check if required environment variables were passed
 ## Configuration variables applying to multiple microservices
 [ -z ${DEFAULT_UCENTRALSEC_URL+x} ] && echo "DEFAULT_UCENTRALSEC_URL is unset" && usage && exit 1
 [ -z ${SYSTEM_URI_UI+x} ] && echo "SYSTEM_URI_UI is unset" && usage && exit 1
-[ -z ${RTTY_TOKEN+x} ] && echo "RTTY_TOKEN is unset" && usage && exit 1
 ## Internal microservice hostnames
 #[ -z ${INTERNAL_OWGW_HOSTNAME+x} ] && echo "INTERNAL_OWGW_HOSTNAME is unset" && usage && exit 1
 #[ -z ${INTERNAL_OWSEC_HOSTNAME+x} ] && echo "INTERNAL_OWSEC_HOSTNAME is unset" && usage && exit 1
 #[ -z ${INTERNAL_OWFMS_HOSTNAME+x} ] && echo "INTERNAL_OWFMS_HOSTNAME is unset" && usage && exit 1
 #[ -z ${INTERNAL_OWPROV_HOSTNAME+x} ] && echo "INTERNAL_OWPROV_HOSTNAME is unset" && usage && exit 1
+#[ -z ${INTERNAL_OWANALYTICS_HOSTNAME+x} ] && echo "INTERNAL_OWANALYTICS_HOSTNAME is unset" && usage && exit 1
+#[ -z ${INTERNAL_OWSUB_HOSTNAME+x} ] && echo "INTERNAL_OWSUB_HOSTNAME is unset" && usage && exit 1
 ## OWGW configuration variables
 [ -z ${OWGW_FILEUPLOADER_HOST_NAME+x} ] && echo "OWGW_FILEUPLOADER_HOST_NAME is unset" && usage && exit 1
 [ -z ${OWGW_FILEUPLOADER_URI+x} ] && echo "OWGW_FILEUPLOADER_URI is unset" && usage && exit 1
@@ -54,18 +71,20 @@ usage () {
 [ -z ${OWGW_SYSTEM_URI_PUBLIC+x} ] && echo "OWGW_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
 [ -z ${OWGW_RTTY_SERVER+x} ] && echo "OWGW_RTTY_SERVER is unset" && usage && exit 1
 ## OWSec configuration variables
-[ -z ${OWSEC_AUTHENTICATION_DEFAULT_USERNAME+x} ] && echo "OWSEC_AUTHENTICATION_DEFAULT_USERNAME is unset" && usage && exit 1
-[ -z ${OWSEC_AUTHENTICATION_DEFAULT_PASSWORD+x} ] && echo "OWSEC_AUTHENTICATION_DEFAULT_PASSWORD is unset" && usage && exit 1
 #[ -z ${OWSEC_SYSTEM_URI_PRIVATE+x} ] && echo "OWSEC_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
 [ -z ${OWSEC_SYSTEM_URI_PUBLIC+x} ] && echo "OWSEC_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
 ## OWFms configuration variables
 #[ -z ${OWFMS_SYSTEM_URI_PRIVATE+x} ] && echo "OWFMS_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
 [ -z ${OWFMS_SYSTEM_URI_PUBLIC+x} ] && echo "OWFMS_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
-[ -z ${OWFMS_S3_SECRET+x} ] && echo "OWFMS_S3_SECRET is unset" && usage && exit 1
-[ -z ${OWFMS_S3_KEY+x} ] && echo "OWFMS_S3_KEY is unset" && usage && exit 1
 ## OWProv configuration variables
 #[ -z ${OWPROV_SYSTEM_URI_PRIVATE+x} ] && echo "OWPROV_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
 [ -z ${OWPROV_SYSTEM_URI_PUBLIC+x} ] && echo "OWPROV_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
+## OWAnalytics configuration variables
+#[ -z ${OWANALYTICS_SYSTEM_URI_PRIVATE+x} ] && echo "OWANALYTICS_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
+[ -z ${OWANALYTICS_SYSTEM_URI_PUBLIC+x} ] && echo "OWANALYTICS_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
+## OWSub configuration variables
+#[ -z ${OWSUB_SYSTEM_URI_PRIVATE+x} ] && echo "OWSUB_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
+[ -z ${OWSUB_SYSTEM_URI_PUBLIC+x} ] && echo "OWSUB_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
 
 # Search and replace image version tags if set
 if [[ ! -z "$OWGW_VERSION" ]]; then
@@ -80,12 +99,31 @@ fi
 if [[ ! -z "$OWPROV_VERSION" ]]; then
   sed -i "s~.*OWPROV_TAG=.*~OWPROV_TAG=$OWPROV_VERSION~" .env
 fi
+if [[ ! -z "$OWANALYTICS_VERSION" ]]; then
+  sed -i "s~.*OWANALYTICS_TAG=.*~OWANALYTICS_TAG=$OWANALYTICS_VERSION~" .env
+fi
+if [[ ! -z "$OWSUB_VERSION" ]]; then
+  sed -i "s~.*OWSUB_TAG=.*~OWSUB_TAG=$OWSUB_VERSION~" .env
+fi
 
 # Search and replace variable values in env files
 #sed -i "s~\(^INTERNAL_OWGW_HOSTNAME=\).*~\1$INTERNAL_OWGW_HOSTNAME~" .env
 #sed -i "s~\(^INTERNAL_OWSEC_HOSTNAME=\).*~\1$INTERNAL_OWSEC_HOSTNAME~" .env
 #sed -i "s~\(^INTERNAL_OWFMS_HOSTNAME=\).*~\1$INTERNAL_OWFMS_HOSTNAME~" .env
 #sed -i "s~\(^INTERNAL_OWPROV_HOSTNAME=\).*~\1$INTERNAL_OWPROV_HOSTNAME~" .env
+#sed -i "s~\(^INTERNAL_OWANALYTICS_HOSTNAME=\).*~\1$INTERNAL_OWANALYTICS_HOSTNAME~" .env
+#sed -i "s~\(^INTERNAL_OWSUB_HOSTNAME=\).*~\1$INTERNAL_OWSUB_HOSTNAME~" .env
+
+if [[ ! -z "$SDKHOSTNAME" ]]; then
+  sed -i "s~.*SDKHOSTNAME=.*~SDKHOSTNAME=$SDKHOSTNAME~" .env.letsencrypt
+fi
+
+if [[ ! -z "$WEBSOCKET_CERT" ]]; then
+  echo "$WEBSOCKET_CERT" > certs/websocket-cert.pem
+fi
+if [[ ! -z "$WEBSOCKET_KEY" ]]; then
+  echo "$WEBSOCKET_KEY" > certs/websocket-key.pem && chmod 600 certs/websocket-key.pem
+fi
 
 sed -i "s~.*FILEUPLOADER_HOST_NAME=.*~FILEUPLOADER_HOST_NAME=$OWGW_FILEUPLOADER_HOST_NAME~" owgw.env
 sed -i "s~.*FILEUPLOADER_URI=.*~FILEUPLOADER_URI=$OWGW_FILEUPLOADER_URI~" owgw.env
@@ -93,7 +131,6 @@ sed -i "s~.*SYSTEM_URI_PUBLIC=.*~SYSTEM_URI_PUBLIC=$OWGW_SYSTEM_URI_PUBLIC~" owg
 #sed -i "s~.*SYSTEM_URI_PRIVATE=.*~SYSTEM_URI_PRIVATE=$OWGW_SYSTEM_URI_PRIVATE~" owgw.env
 sed -i "s~.*SYSTEM_URI_UI=.*~SYSTEM_URI_UI=$SYSTEM_URI_UI~" owgw.env
 sed -i "s~.*RTTY_SERVER=.*~RTTY_SERVER=$OWGW_RTTY_SERVER~" owgw.env
-sed -i "s~.*RTTY_TOKEN=.*~RTTY_TOKEN=$RTTY_TOKEN~" owgw.env
 
 if [[ ! -z "$SIMULATORID" ]]; then
   sed -i "s~.*SIMULATORID=.*~SIMULATORID=$SIMULATORID~" owgw.env
@@ -101,8 +138,12 @@ fi
 
 sed -i "s~.*DEFAULT_UCENTRALSEC_URL=.*~DEFAULT_UCENTRALSEC_URL=$DEFAULT_UCENTRALSEC_URL~" owgw-ui.env
 
-sed -i "s~.*AUTHENTICATION_DEFAULT_USERNAME=.*~AUTHENTICATION_DEFAULT_USERNAME=$OWSEC_AUTHENTICATION_DEFAULT_USERNAME~" owsec.env
-sed -i "s~.*AUTHENTICATION_DEFAULT_PASSWORD=.*~AUTHENTICATION_DEFAULT_PASSWORD=$OWSEC_AUTHENTICATION_DEFAULT_PASSWORD~" owsec.env
+if [[ ! -z "$OWSEC_AUTHENTICATION_DEFAULT_USERNAME" ]]; then
+  sed -i "s~.*AUTHENTICATION_DEFAULT_USERNAME=.*~AUTHENTICATION_DEFAULT_USERNAME=$OWSEC_AUTHENTICATION_DEFAULT_USERNAME~" owsec.env
+fi
+if [[ ! -z "$OWSEC_AUTHENTICATION_DEFAULT_PASSWORD" ]]; then
+  sed -i "s~.*AUTHENTICATION_DEFAULT_PASSWORD=.*~AUTHENTICATION_DEFAULT_PASSWORD=$OWSEC_AUTHENTICATION_DEFAULT_PASSWORD~" owsec.env
+fi
 #sed -i "s~.*SYSTEM_URI_PRIVATE=.*~SYSTEM_URI_PRIVATE=$OWSEC_SYSTEM_URI_PRIVATE~" owsec.env
 sed -i "s~.*SYSTEM_URI_PUBLIC=.*~SYSTEM_URI_PUBLIC=$OWSEC_SYSTEM_URI_PUBLIC~" owsec.env
 sed -i "s~.*SYSTEM_URI_UI=.*~SYSTEM_URI_UI=$SYSTEM_URI_UI~" owsec.env
@@ -110,16 +151,34 @@ sed -i "s~.*SYSTEM_URI_UI=.*~SYSTEM_URI_UI=$SYSTEM_URI_UI~" owsec.env
 #sed -i "s~.*SYSTEM_URI_PRIVATE=.*~SYSTEM_URI_PRIVATE=$OWFMS_SYSTEM_URI_PRIVATE~" owfms.env
 sed -i "s~.*SYSTEM_URI_PUBLIC=.*~SYSTEM_URI_PUBLIC=$OWFMS_SYSTEM_URI_PUBLIC~" owfms.env
 sed -i "s~.*SYSTEM_URI_UI=.*~SYSTEM_URI_UI=$SYSTEM_URI_UI~" owfms.env
-sed -i "s~.*S3_SECRET=.*~S3_SECRET=$OWFMS_S3_SECRET~" owfms.env
-sed -i "s~.*S3_KEY=.*~S3_KEY=$OWFMS_S3_KEY~" owfms.env
+if [[ ! -z "$OWFMS_S3_SECRET" ]]; then
+  sed -i "s~.*S3_SECRET=.*~S3_SECRET=$OWFMS_S3_SECRET~" owfms.env
+fi
+if [[ ! -z "$OWFMS_S3_KEY" ]]; then
+  sed -i "s~.*S3_KEY=.*~S3_KEY=$OWFMS_S3_KEY~" owfms.env
+fi
 
 #sed -i "s~.*SYSTEM_URI_PRIVATE=.*~SYSTEM_URI_PRIVATE=$OWPROV_SYSTEM_URI_PRIVATE~" owprov.env
 sed -i "s~.*SYSTEM_URI_PUBLIC=.*~SYSTEM_URI_PUBLIC=$OWPROV_SYSTEM_URI_PUBLIC~" owprov.env
 sed -i "s~.*SYSTEM_URI_UI=.*~SYSTEM_URI_UI=$SYSTEM_URI_UI~" owprov.env
 
-sed -i "s~.*DEFAULT_UCENTRALSEC_URL=.*~DEFAULT_UCENTRALSEC_URL=$DEFAULT_UCENTRALSEC_URL~" owprov-ui.env
+sed -i "s~.*REACT_APP_UCENTRALSEC_URL=.*~REACT_APP_UCENTRALSEC_URL=$DEFAULT_UCENTRALSEC_URL~" owprov-ui.env
 
-sed -i "s~\(^token:\).*~\1 $RTTY_TOKEN~" rttys/rttys.conf
+#sed -i "s~.*SYSTEM_URI_PRIVATE=.*~SYSTEM_URI_PRIVATE=$OWANALYTICS_SYSTEM_URI_PRIVATE~" owanalytics.env
+sed -i "s~.*SYSTEM_URI_PUBLIC=.*~SYSTEM_URI_PUBLIC=$OWANALYTICS_SYSTEM_URI_PUBLIC~" owanalytics.env
+sed -i "s~.*SYSTEM_URI_UI=.*~SYSTEM_URI_UI=$SYSTEM_URI_UI~" owanalytics.env
+
+#sed -i "s~.*SYSTEM_URI_PRIVATE=.*~SYSTEM_URI_PRIVATE=$OWSUB_SYSTEM_URI_PRIVATE~" owsub.env
+sed -i "s~.*SYSTEM_URI_PUBLIC=.*~SYSTEM_URI_PUBLIC=$OWSUB_SYSTEM_URI_PUBLIC~" owsub.env
+sed -i "s~.*SYSTEM_URI_UI=.*~SYSTEM_URI_UI=$SYSTEM_URI_UI~" owsub.env
+
+if [[ ! -z "$TRAEFIK_ACME_EMAIL" ]]; then
+  sed -i "s~.*TRAEFIK_CERTIFICATESRESOLVERS_OPENWIFI_ACME_EMAIL=.*~TRAEFIK_CERTIFICATESRESOLVERS_OPENWIFI_ACME_EMAIL=$TRAEFIK_ACME_EMAIL~" traefik.env
+fi
 
 # Run the deployment
-docker-compose up -d
+if [[ ! -z "$SDKHOSTNAME" ]]; then
+  docker-compose -f docker-compose.lb.letsencrypt.yml --env-file .env.letsencrypt up -d
+else
+  docker-compose up -d
+fi

docker-compose/docker-compose.lb.letsencrypt.yml

@@ -9,6 +9,10 @@ volumes:
     driver: local
   owprov_data:
     driver: local
+  owanalytics_data:
+    driver: local
+  owsub_data:
+    driver: local
   zookeeper_data:
     driver: local
   zookeeper_datalog:
@@ -33,7 +37,6 @@ services:
       - owgw.env
     depends_on:
       - kafka
-      - rttys
     restart: unless-stopped
     volumes:
       - owgw_data:${OWGW_ROOT}/persist
@@ -121,17 +124,37 @@ services:
       - owprov
     restart: unless-stopped
 
-  rttys:
-    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/rttys:${RTTYS_TAG}"
+  owanalytics:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owanalytics:${OWANALYTICS_TAG}"
     networks:
       openwifi:
         aliases:
-          - ${INTERNAL_RTTYS_HOSTNAME}
+          - ${INTERNAL_OWANALYTICS_HOSTNAME}
+    env_file:
+      - .env.letsencrypt
+      - owanalytics.env
+    depends_on:
+      - kafka
     restart: unless-stopped
     volumes:
-      - "./certs/restapi-cert.pem:/etc/rttys/restapi-cert.pem"
-      - "./certs/restapi-key.pem:/etc/rttys/restapi-key.pem"
-      - "./rttys/rttys_letsencrypt.conf:/rttys/rttys.conf"
+      - owanalytics_data:${OWANALYTICS_ROOT}
+      - ./certs:/${OWANALYTICS_ROOT}/certs
+
+  owsub:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owsub:${OWSUB_TAG}"
+    networks:
+      openwifi:
+        aliases:
+          - ${INTERNAL_OWSUB_HOSTNAME}
+    env_file:
+      - .env.letsencrypt
+      - owsub.env
+    depends_on:
+      - kafka
+    restart: unless-stopped
+    volumes:
+      - owsub_data:${OWSUB_ROOT}
+      - ./certs:/${OWSUB_ROOT}/certs
 
   zookeeper:
     image: "zookeeper:${ZOOKEEPER_TAG}"
@@ -168,20 +191,29 @@ services:
       - owfms
       - owprov
       - owprov-ui
-      - rttys
     restart: unless-stopped
     volumes:
       - "./traefik/openwifi_letsencrypt.yaml:/etc/traefik/openwifi.yaml"
       - "./certs/restapi-ca.pem:/certs/restapi-ca.pem"
       - "letsencrypt_certs:/letsencrypt"
+    entrypoint:
+      - /bin/sh
+      - -c
+      - |
+        timeout 10m sh -c 'until [[ "$$(getent hosts $SDKHOSTNAME)" ]]; do echo "Waiting until DNS record for $SDKHOSTNAME is resolvable"; sleep 5; done' \
+        && ./entrypoint.sh traefik
     ports:
       - "15002:15002"
       - "16002:16002"
       - "16003:16003"
       - "80:80"
+      - "8080:8080"
       - "443:443"
+      - "8443:8443"
       - "16001:16001"
       - "16004:16004"
       - "16005:16005"
+      - "16009:16009"
+      - "16006:16006"
       - "5912:5912"
       - "5913:5913"

docker-compose/docker-compose.lb.selfsigned.yml

@@ -9,6 +9,10 @@ volumes:
     driver: local
   owprov_data:
     driver: local
+  owanalytics_data:
+    driver: local
+  owsub_data:
+    driver: local
   zookeeper_data:
     driver: local
   zookeeper_datalog:
@@ -31,7 +35,6 @@ services:
       - owgw.env
     depends_on:
       - kafka
-      - rttys
     restart: unless-stopped
     volumes:
       - owgw_data:${OWGW_ROOT}/persist
@@ -121,17 +124,37 @@ services:
       - owprov
     restart: unless-stopped
 
-  rttys:
-    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/rttys:${RTTYS_TAG}"
+  owanalytics:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owanalytics:${OWANALYTICS_TAG}"
     networks:
       openwifi:
         aliases:
-          - ${INTERNAL_RTTYS_HOSTNAME}
+          - ${INTERNAL_OWANALYTICS_HOSTNAME}
+    env_file:
+      - .env.selfsigned
+      - owanalytics.env
+    depends_on:
+      - kafka
     restart: unless-stopped
     volumes:
-      - "./certs/restapi-cert.pem:/etc/rttys/restapi-cert.pem"
-      - "./certs/restapi-key.pem:/etc/rttys/restapi-key.pem"
-      - "./rttys/rttys.conf:/rttys/rttys.conf"
+      - owanalytics_data:${OWANALYTICS_ROOT}
+      - ./certs:/${OWANALYTICS_ROOT}/certs
+
+  owsub:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owsub:${OWSUB_TAG}"
+    networks:
+      openwifi:
+        aliases:
+          - ${INTERNAL_OWSUB_HOSTNAME}
+    env_file:
+      - .env.selfsigned
+      - owsub.env
+    depends_on:
+      - kafka
+    restart: unless-stopped
+    volumes:
+      - owsub_data:${OWSUB_ROOT}
+      - ./certs:/${OWSUB_ROOT}/certs
 
   zookeeper:
     image: "zookeeper:${ZOOKEEPER_TAG}"
@@ -167,7 +190,6 @@ services:
       - owfms
       - owprov
       - owprov-ui
-      - rttys
     restart: unless-stopped
     volumes:
       - "./traefik/openwifi_selfsigned.yaml:/etc/traefik/openwifi.yaml"
@@ -185,5 +207,6 @@ services:
       - "16001:16001"
       - "16004:16004"
       - "16005:16005"
+      - "16009:16009"
       - "5912:5912"
       - "5913:5913"

docker-compose/docker-compose.postgresql.yml

@@ -25,6 +25,16 @@ services:
       - postgresql
     command: ["./wait-for-postgres.sh", "postgresql", "/openwifi/owprov"]
 
+  owanalytics:
+    depends_on:
+      - postgresql
+    command: ["./wait-for-postgres.sh", "postgresql", "/openwifi/owanalytics"]
+
+  owsub:
+    depends_on:
+      - postgresql
+    command: ["./wait-for-postgres.sh", "postgresql", "/openwifi/owsub"]
+
   postgresql:
     image: "postgres:${POSTGRESQL_TAG}"
     networks:

docker-compose/docker-compose.yml

@@ -22,7 +22,6 @@ services:
       - owgw.env
     depends_on:
       - kafka
-      - rttys
     restart: unless-stopped
     volumes:
       - "./owgw_data:${OWGW_ROOT}"
@@ -32,6 +31,8 @@ services:
       - "16002:16002"
       - "16102:16102"
       - "16003:16003"
+      - "5912:5912"
+      - "5913:5913"
     sysctls:
       - net.ipv4.tcp_keepalive_intvl=5
       - net.ipv4.tcp_keepalive_probes=2
@@ -131,18 +132,41 @@ services:
       - "8080:8080"
       - "8443:8443"
 
-  rttys:
-    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/rttys:${RTTYS_TAG}"
-    restart: unless-stopped
+  owanalytics:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owanalytics:${OWANALYTICS_TAG}"
     networks:
       openwifi:
+        aliases:
+          - ${INTERNAL_OWANALYTICS_HOSTNAME}
+    env_file:
+      - owanalytics.env
+    depends_on:
+      - kafka
+    restart: unless-stopped
     volumes:
-      - "./certs/restapi-cert.pem:/etc/rttys/restapi-cert.pem"
-      - "./certs/restapi-key.pem:/etc/rttys/restapi-key.pem"
-      - "./rttys/rttys.conf:/rttys/rttys.conf"
+      - "./owanalytics_data:${OWANALYTICS_ROOT}"
+      - "./certs:/${OWANALYTICS_ROOT}/certs"
     ports:
-      - "5912:5912"
-      - "5913:5913"
+      - "16009:16009"
+      - "16109:16109"
+
+  owsub:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owsub:${OWSUB_TAG}"
+    networks:
+      openwifi:
+        aliases:
+          - ${INTERNAL_OWSUB_HOSTNAME}
+    env_file:
+      - owsub.env
+    depends_on:
+      - kafka
+    restart: unless-stopped
+    volumes:
+      - "./owsub_data:${OWSUB_ROOT}"
+      - "./certs:/${OWSUB_ROOT}/certs"
+    ports:
+      - "16006:16006"
+      - "16106:16106"
 
   zookeeper:
     image: "zookeeper:${ZOOKEEPER_TAG}"

docker-compose/owanalytics.env

@@ -0,0 +1,38 @@
+RUN_CHOWN=true
+TEMPLATE_CONFIG=true
+SELFSIGNED_CERTS=true
+
+OWANALYTICS_ROOT=/owanalytics-data
+OWANALYTICS_CONFIG=/owanalytics-data
+
+#RESTAPI_HOST_ROOTCA=$OWANALYTICS_ROOT/certs/restapi-ca.pem
+#RESTAPI_HOST_PORT=16009
+#RESTAPI_HOST_CERT=$OWANALYTICS_ROOT/certs/restapi-cert.pem
+#RESTAPI_HOST_KEY=$OWANALYTICS_ROOT/certs/restapi-key.pem
+#RESTAPI_HOST_KEY_PASSWORD=mypassword
+#INTERNAL_RESTAPI_HOST_ROOTCA=$OWANALYTICS_ROOT/certs/restapi-ca.pem
+#INTERNAL_RESTAPI_HOST_PORT=17009
+#INTERNAL_RESTAPI_HOST_CERT=$OWANALYTICS_ROOT/certs/restapi-cert.pem
+#INTERNAL_RESTAPI_HOST_KEY=$OWANALYTICS_ROOT/certs/restapi-key.pem
+#INTERNAL_RESTAPI_HOST_KEY_PASSWORD=mypassword
+#FIRMWARE_UPDATER_UPGRADE=yes
+#FIRMWARE_UPDATER_RCONLY=no
+#SERVICE_KEY=$OWANALYTICS_ROOT/certs/restapi-key.pem
+#SERVICE_KEY_PASSWORD=mypassword
+SYSTEM_DATA=$OWANALYTICS_ROOT/persist
+SYSTEM_URI_PRIVATE=https://owanalytics.wlan.local:17009
+SYSTEM_URI_PUBLIC=https://openwifi.wlan.local:16009
+SYSTEM_URI_UI=https://openwifi.wlan.local
+#KAFKA_ENABLE=true
+KAFKA_BROKERLIST=kafka:9092
+#STORAGE_TYPE=sqlite
+#STORAGE_TYPE_POSTGRESQL_HOST=localhost
+#STORAGE_TYPE_POSTGRESQL_USERNAME=owanalytics
+#STORAGE_TYPE_POSTGRESQL_PASSWORD=owanalytics
+#STORAGE_TYPE_POSTGRESQL_DATABASE=owanalytics
+#STORAGE_TYPE_POSTGRESQL_PORT=5432
+#STORAGE_TYPE_MYSQL_HOST=localhost
+#STORAGE_TYPE_MYSQL_USERNAME=owanalytics
+#STORAGE_TYPE_MYSQL_PASSWORD=owanalytics
+#STORAGE_TYPE_MYSQL_DATABASE=owanalytics
+#STORAGE_TYPE_MYSQL_PORT=3306

docker-compose/owgw.env

@@ -38,12 +38,17 @@ SYSTEM_URI_PRIVATE=https://owgw.wlan.local:17002
 SYSTEM_URI_PUBLIC=https://openwifi.wlan.local:16002
 SYSTEM_URI_UI=https://openwifi.wlan.local
 #SIMULATORID=
-RTTY_ENABLED=true
+#IPTOCOUNTRY_PROVIDER=ipinfo
+#IPTOCOUNTRY_IPINFO_TOKEN=
+#IPTOCOUNTRY_IPDATA_APIKEY=
+#RTTY_INTERNAL=true
+#RTTY_ENABLED=true
 RTTY_SERVER=openwifi.wlan.local
 #RTTY_PORT=5912
-#RTTY_TOKEN=96181c567b4d0d98c50f127230068fa8
+#RTTY_TOKEN=
 #RTTY_TIMEOUT=60
 #RTTY_VIEWPORT=5913
+#RTTY_ASSETS=$OWGW_ROOT/rtty_ui
 #KAFKA_ENABLE=true
 KAFKA_BROKERLIST=kafka:9092
 #STORAGE_TYPE=sqlite

docker-compose/owprov-ui.env

@@ -1,2 +1,2 @@
-DEFAULT_UCENTRALSEC_URL=https://openwifi.wlan.local:16001
 ALLOW_UCENTRALSEC_CHANGE=false
+REACT_APP_UCENTRALSEC_URL=https://openwifi.wlan.local:16001

docker-compose/owsub.env

@@ -0,0 +1,38 @@
+RUN_CHOWN=true
+TEMPLATE_CONFIG=true
+SELFSIGNED_CERTS=true
+
+OWSUB_ROOT=/owsub-data
+OWSUB_CONFIG=/owsub-data
+
+#RESTAPI_HOST_ROOTCA=$OWSUB_ROOT/certs/restapi-ca.pem
+#RESTAPI_HOST_PORT=16006
+#RESTAPI_HOST_CERT=$OWSUB_ROOT/certs/restapi-cert.pem
+#RESTAPI_HOST_KEY=$OWSUB_ROOT/certs/restapi-key.pem
+#RESTAPI_HOST_KEY_PASSWORD=mypassword
+#INTERNAL_RESTAPI_HOST_ROOTCA=$OWSUB_ROOT/certs/restapi-ca.pem
+#INTERNAL_RESTAPI_HOST_PORT=17006
+#INTERNAL_RESTAPI_HOST_CERT=$OWSUB_ROOT/certs/restapi-cert.pem
+#INTERNAL_RESTAPI_HOST_KEY=$OWSUB_ROOT/certs/restapi-key.pem
+#INTERNAL_RESTAPI_HOST_KEY_PASSWORD=mypassword
+#FIRMWARE_UPDATER_UPGRADE=yes
+#FIRMWARE_UPDATER_RCONLY=no
+#SERVICE_KEY=$OWSUB_ROOT/certs/restapi-key.pem
+#SERVICE_KEY_PASSWORD=mypassword
+SYSTEM_DATA=$OWSUB_ROOT/persist
+SYSTEM_URI_PRIVATE=https://owsub.wlan.local:17006
+SYSTEM_URI_PUBLIC=https://openwifi.wlan.local:16006
+SYSTEM_URI_UI=https://openwifi.wlan.local
+#KAFKA_ENABLE=true
+KAFKA_BROKERLIST=kafka:9092
+#STORAGE_TYPE=sqlite
+#STORAGE_TYPE_POSTGRESQL_HOST=localhost
+#STORAGE_TYPE_POSTGRESQL_USERNAME=owsub
+#STORAGE_TYPE_POSTGRESQL_PASSWORD=owsub
+#STORAGE_TYPE_POSTGRESQL_DATABASE=owsub
+#STORAGE_TYPE_POSTGRESQL_PORT=5432
+#STORAGE_TYPE_MYSQL_HOST=localhost
+#STORAGE_TYPE_MYSQL_USERNAME=owsub
+#STORAGE_TYPE_MYSQL_PASSWORD=owsub
+#STORAGE_TYPE_MYSQL_DATABASE=owsub
+#STORAGE_TYPE_MYSQL_PORT=3306

docker-compose/postgresql.env

@@ -12,3 +12,9 @@ OWFMS_DB_PASSWORD=owfms
 OWPROV_DB=owprov
 OWPROV_DB_USER=owprov
 OWPROV_DB_PASSWORD=owprov
+OWANALYTICS_DB=owanalytics
+OWANALYTICS_DB_USER=owanalytics
+OWANALYTICS_DB_PASSWORD=owanalytics
+OWUSB_DB=owsub
+OWUSB_DB_USER=owsub
+OWUSB_DB_PASSWORD=owsub

docker-compose/postgresql/init-db.sh

@@ -14,4 +14,10 @@ psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
     CREATE USER $OWPROV_DB_USER WITH ENCRYPTED PASSWORD '$OWPROV_DB_PASSWORD';
     CREATE DATABASE $OWPROV_DB;
     GRANT ALL PRIVILEGES ON DATABASE $OWPROV_DB TO $OWPROV_DB_USER;
+    CREATE USER $OWANALYTICS_DB_USER WITH ENCRYPTED PASSWORD '$OWANALYTICS_DB_PASSWORD';
+    CREATE DATABASE $OWANALYTICS_DB;
+    GRANT ALL PRIVILEGES ON DATABASE $OWANALYTICS_DB TO $OWANALYTICS_DB_USER;
+    CREATE USER $OWSUB_DB_USER WITH ENCRYPTED PASSWORD '$OWSUB_DB_PASSWORD';
+    CREATE DATABASE $OWSUB_DB;
+    GRANT ALL PRIVILEGES ON DATABASE $OWSUB_DB TO $OWSUB_DB_USER;
 EOSQL

docker-compose/rttys/rttys.conf

@@ -1,16 +0,0 @@
-addr-dev: :5912
-addr-user: :5913
-#addr-web: :5914
-#web-redir-url:# Auth for http
-http-username: rttys
-http-password: rttys
-ssl-cert: /etc/rttys/restapi-cert.pem
-ssl-key: /etc/rttys/restapi-key.pem
-token: 96181c567b4d0d98c50f127230068fa8
-# font-size: 16
-# No login required to connect device.
-# Values can be device IDs separated by spaces,
-# or a "*" indicates that all devices do not require login
-# http://localhost:5913/connect/rtty1
-white-list: "*"
-#white-list: rtty1 rtty2

docker-compose/rttys/rttys_letsencrypt.conf

@@ -1,16 +0,0 @@
-addr-dev: :5912
-addr-user: :5913
-#addr-web: :5914
-#web-redir-url:# Auth for http
-http-username: rttys
-http-password: rttys
-#ssl-cert: /etc/rttys/restapi-cert.pem
-#ssl-key: /etc/rttys/restapi-key.pem
-token: 96181c567b4d0d98c50f127230068fa8
-# font-size: 16
-# No login required to connect device.
-# Values can be device IDs separated by spaces,
-# or a "*" indicates that all devices do not require login
-# http://localhost:5913/connect/rtty1
-white-list: "*"
-#white-list: rtty1 rtty2

docker-compose/traefik.env

@@ -1,6 +1,8 @@
 TRAEFIK_ENTRYPOINTS_OWGWWEBSOCKET_ADDRESS=:15002
 TRAEFIK_ENTRYPOINTS_OWGWRESTAPI_ADDRESS=:16002
 TRAEFIK_ENTRYPOINTS_OWGWFILEUPLOAD_ADDRESS=:16003
+TRAEFIK_ENTRYPOINTS_OWGWRTTYS_ADDRESS=:5912
+TRAEFIK_ENTRYPOINTS_OWGWRTTYSVIEW_ADDRESS=:5913
 TRAEFIK_ENTRYPOINTS_OWGWUIHTTP_ADDRESS=:80
 TRAEFIK_ENTRYPOINTS_OWGWUIHTTP_HTTP_REDIRECTIONS_ENTRYPOINT_TO=owgwuihttps
 TRAEFIK_ENTRYPOINTS_OWPROVUIHTTP_ADDRESS=:8080
@@ -10,8 +12,8 @@ TRAEFIK_ENTRYPOINTS_OWPROVUIHTTPS_ADDRESS=:8443
 TRAEFIK_ENTRYPOINTS_OWSECRESTAPI_ADDRESS=:16001
 TRAEFIK_ENTRYPOINTS_OWFMSRESTAPI_ADDRESS=:16004
 TRAEFIK_ENTRYPOINTS_OWPROVRESTAPI_ADDRESS=:16005
-TRAEFIK_ENTRYPOINTS_RTTYSDEV_ADDRESS=:5912
-TRAEFIK_ENTRYPOINTS_RTTYSUSER_ADDRESS=:5913
+TRAEFIK_ENTRYPOINTS_OWANALYTICSRESTAPI_ADDRESS=:16009
+TRAEFIK_ENTRYPOINTS_OWSUBRESTAPI_ADDRESS=:16006
 TRAEFIK_PROVIDERS_FILE_FILENAME=/etc/traefik/openwifi.yaml
 TRAEFIK_CERTIFICATESRESOLVERS_OPENWIFI_ACME_EMAIL=
 TRAEFIK_CERTIFICATESRESOLVERS_OPENWIFI_ACME_HTTPCHALLENGE=true

docker-compose/traefik/openwifi_letsencrypt.yaml

@@ -28,66 +28,86 @@ http:
       loadBalancer:
         servers:
           - url: "http://owprov-ui.wlan.local:80/"
-    rttys-user:
+    owanalytics-restapi:
       loadBalancer:
         servers:
-          - url: "http://rttys.wlan.local:5913/"
+          - url: "https://owanalytics.wlan.local:16009/"
+    owsub-restapi:
+      loadBalancer:
+        servers:
+          - url: "https://owsub.wlan.local:16006/"
+    owgw-rttys-view:
+      loadBalancer:
+        servers:
+          - url: "https://owgw.wlan.local:5913/"
 
   routers:
     owgw-ui-http:
       entryPoints: "owgwuihttp"
       service: "owgw-ui"
-      rule: "Host(`{{ env "OWGWUI_HOSTNAME" }}`)"
+      rule: "Host(`{{ env "SDKHOSTNAME" }}`)"
     owgw-ui-https:
       entryPoints: "owgwuihttps"
       service: "owgw-ui"
-      rule: "Host(`{{ env "OWGWUI_HOSTNAME" }}`)"
+      rule: "Host(`{{ env "SDKHOSTNAME" }}`)"
       tls:
         certResolver: "openwifi"
     owgw-fileupload:
       entryPoints: "owgwfileupload"
       service: "owgw-fileupload"
-      rule: "Host(`{{ env "OWGWFILEUPLOAD_HOSTNAME" }}`)"
+      rule: "Host(`{{ env "SDKHOSTNAME" }}`)"
       tls:
         certResolver: "openwifi"
     owgw-restapi:
       entryPoints: "owgwrestapi"
       service: "owgw-restapi"
-      rule: "Host(`{{ env "OWGW_HOSTNAME" }}`)"
+      rule: "Host(`{{ env "SDKHOSTNAME" }}`)"
+      tls:
+        certResolver: "openwifi"
+    owgw-rttys-view:
+      entryPoints: "owgwrttysview"
+      service: "owgw-rttys-view"
+      rule: "Host(`{{ env "SDKHOSTNAME" }}`)"
       tls:
         certResolver: "openwifi"
     owsec-restapi:
       entryPoints: "owsecrestapi"
       service: "owsec-restapi"
-      rule: "Host(`{{ env "OWSEC_HOSTNAME" }}`)"
+      rule: "Host(`{{ env "SDKHOSTNAME" }}`)"
       tls:
         certResolver: "openwifi"
     owfms-restapi:
       entryPoints: "owfmsrestapi"
       service: "owfms-restapi"
-      rule: "Host(`{{env "OWFMS_HOSTNAME"}}`)"
+      rule: "Host(`{{env "SDKHOSTNAME"}}`)"
       tls:
         certResolver: "openwifi"
     owprov-restapi:
       entryPoints: "owprovrestapi"
       service: "owprov-restapi"
-      rule: "Host(`{{env "OWPROV_HOSTNAME"}}`)"
+      rule: "Host(`{{env "SDKHOSTNAME"}}`)"
       tls:
         certResolver: "openwifi"
     owprov-ui-http:
-      entryPoints: "owgwuihttp"
+      entryPoints: "owprovuihttp"
       service: "owprov-ui"
-      rule: "Host(`{{ env "OWPROVUI_HOSTNAME" }}`)"
+      rule: "Host(`{{ env "SDKHOSTNAME" }}`)"
     owprov-ui-https:
-      entryPoints: "owgwuihttps"
+      entryPoints: "owprovuihttps"
       service: "owprov-ui"
-      rule: "Host(`{{ env "OWPROVUI_HOSTNAME" }}`)"
+      rule: "Host(`{{ env "SDKHOSTNAME" }}`)"
       tls:
         certResolver: "openwifi"
-    rttys-user:
-      entryPoints: "rttysuser"
-      service: "rttys-user"
-      rule: "Host(`{{ env "RTTYS_HOSTNAME" }}`)"
+    owanalytics-restapi:
+      entryPoints: "owanalyticsrestapi"
+      service: "owanalytics-restapi"
+      rule: "Host(`{{env "SDKHOSTNAME"}}`)"
+      tls:
+        certResolver: "openwifi"
+    owsub-restapi:
+      entryPoints: "owsubrestapi"
+      service: "owsub-restapi"
+      rule: "Host(`{{env "SDKHOSTNAME"}}`)"
       tls:
         certResolver: "openwifi"
 
@@ -98,10 +118,10 @@ tcp:
         servers:
           - address: "owgw.wlan.local:15002"
 
-    rttys-dev:
+    owgw-rttys:
       loadBalancer:
         servers:
-          - address: "rttys.wlan.local:5912"
+          - address: "owgw.wlan.local:5912"
 
   routers:
     owgw-websocket:
@@ -111,9 +131,9 @@ tcp:
       tls:
         passthrough: true
 
-    rttys-dev:
-      entryPoints: "rttysdev"
-      service: "rttys-dev"
-      rule: "HostSNI(`{{ env "RTTYS_HOSTNAME" }}`)"
+    owgw-rttys:
+      entryPoints: "owgwrttys"
+      service: "owgw-rttys"
+      rule: "HostSNI(`*`)"
       tls:
-        certResolver: openwifi
+        passthrough: true

docker-compose/traefik/openwifi_selfsigned.yaml

@@ -52,6 +52,14 @@ tcp:
       loadBalancer:
         servers:
           - address: "owgw.wlan.local:16003"
+    owgw-rttys:
+      loadBalancer:
+        servers:
+          - address: "owgw.wlan.local:5912"
+    owgw-rttys-view:
+      loadBalancer:
+        servers:
+          - address: "owgw.wlan.local:5913"
     owsec-restapi:
       loadBalancer:
         servers:
@@ -64,14 +72,14 @@ tcp:
       loadBalancer:
         servers:
           - address: "owprov.wlan.local:16005"
-    rttys-dev:
+    owanalytics-restapi:
       loadBalancer:
         servers:
-          - address: "rttys.wlan.local:5912"
-    rttys-user:
+          - address: "owanalytics.wlan.local:16009"
+    owsub-restapi:
       loadBalancer:
         servers:
-          - address: "rttys.wlan.local:5913"
+          - address: "owsub.wlan.local:16006"
 
   routers:
     owgw-websocket:
@@ -92,6 +100,18 @@ tcp:
       rule: "HostSNI(`*`)"
       tls:
         passthrough: true
+    owgw-rttys:
+      entryPoints: "owgwrttys"
+      service: "owgw-rttys"
+      rule: "HostSNI(`*`)"
+      tls:
+        passthrough: true
+    owgw-rttys-view:
+      entryPoints: "owgwrttysview"
+      service: "owgw-rttys-view"
+      rule: "HostSNI(`*`)"
+      tls:
+        passthrough: true
     owsec-restapi:
       entryPoints: "owsecrestapi"
       service: "owsec-restapi"
@@ -110,15 +130,15 @@ tcp:
       rule: "HostSNI(`*`)"
       tls:
         passthrough: true
-    rttys-dev:
-      entryPoints: "rttysdev"
-      service: "rttys-dev"
+    owanalytics-restapi:
+      entryPoints: "owanalyticsrestapi"
+      service: "owanalytics-restapi"
       rule: "HostSNI(`*`)"
       tls:
         passthrough: true
-    rttys-user:
-      entryPoints: "rttysuser"
-      service: "rttys-user"
+    owsub-restapi:
+      entryPoints: "owsubrestapi"
+      service: "owsub-restapi"
       rule: "HostSNI(`*`)"
       tls:
         passthrough: true